6511 matches found
EUVD-2024-31254
Malicious code in bioql PyPI...
EUVD-2022-52404
Malicious code in bioql PyPI...
EUVD-2025-20846
Malicious code in bioql PyPI...
EUVD-2024-53538
Malicious code in bioql PyPI...
EUVD-2022-4547
Malicious code in bioql PyPI...
EUVD-2022-26679
Malicious code in bioql PyPI...
php security update
An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
kernel security update
An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...
PT-2025-40524
Name of the Vulnerable Software and Affected Versions: TRUfusion Enterprise versions through 7.10.4.0 Description: The application does not properly sanitize input to the /trufusionPortal/getCobrandingData endpoint, allowing path traversal sequences to be included. This can be used to read any loca...
Security update for nginx
This update for nginx fixes the following issues: CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 bsc1236851. Patch...
PT-2025-43520
Name of the Vulnerable Software and Affected Versions: KeeneticOS versions prior to 4.3 Description: A CRLF-injection flaw exists in KeeneticOS prior to version 4.3. This issue is present at the /auth API endpoint and could allow attackers to gain control of the device. Exploitation involves adding...
CVE-2024-55017
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirecturi parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts...
AlmaLinux 8 : php:8.2 (ALSA-2025:15687)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15687 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...
Exploit for CVE-2022-36537
CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...
CLSA-2025-1758896552 dovecot: Fix of CVE-2020-12674
CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...
CLSA-2025-1758820840 dovecot: Fix of CVE-2020-12674
CVE-2020-12674: fix mishandling of zero length in RPA request to prevent auth service crash...
CVE-2025-9353
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...
Malicious code in @things-factory/auth-base (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db891d17c83cd814d4976534e1ff8e7675f41f0c50baedecafab80bcdf4156fb Any computer that has this package installed or running should be considered fully compromised. All...
CLSA-2025-1758034087 kernel: Fix of 24 CVEs
tls: always refresh the queue when reading sock CVE-2025-38471 - Bluetooth: hcicore: Fix use-after-free in vhciflush CVE-2025-38250 - i2c/designware: Fix an initialization issue CVE-2025-38380 - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds CVE-2025-38159 - mm/hugetlb:...
PT-2025-38075
Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden contain a pre-authentication file disclosure issue via the db log POST parameter. Remote attackers can retrieve arbitrary...