115 matches found
CVE-2025-31469
CVE-2025-31469 is a Missing Authorization vulnerability in the Clear Sucuri Cache WordPress plugin. Affected: Clear Sucuri Cache
CVE-2025-2888
CVE-2025-2888 affects the Amazon tough client (The Update Framework) where, during a snapshot rollback, the client incorrectly caches timestamp metadata. If the next update checks this cache, update timestamp validation may fail, blocking subsequent updates until the cache is cleared. The issue i...
CVE-2023-52982
In the Linux kernel, the following vulnerability has been resolved: fscache: Use wait_on_bit to wait for the freeing of relinquished volume. The freeing of relinquished volume will wake up the pending volume acquisition by using wake_up_bit, however it is mismatched with wait_var_event used in...
PT-2025-11696 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.8.0. Description: The issue is related to the outlines library used by vLLM for structured output, which has an optional cache for compiled grammars on the local filesystem. This cache is enabled by default. A maliciou...
Important: kernel-livepatch-4.14.355-275.572
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun (CVE-2024-49995). In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)...
Linux Distros Unpatched Vulnerability : CVE-2024-41031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/filemap: skip to create PMD-sized page cache if needed. On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be...
Linux Distros Unpatched Vulnerability : CVE-2024-42241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.
Summary: libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2024-7264, CVE-2024-9681. Vulnerability Details: CVEID: CVE-2024-7264. DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an...
CVE-2025-21811 nilfs2: protect access to buffers with no active references
In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references. nilfs_lookup_dirty_data_buffers, which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1186)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1151)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
CVE-2022-31167
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...
Security update for curl
This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comma...
CVE-2024-51491
notation-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...
CVE-2024-56169
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties such as Fort are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently...
CVE-2024-53866 pnpm vulnerable to no-script global cache poisoning via overrides / `ignore-scripts` evasion
The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...
aioHTTP 3.10.6 < 3.10.11 Memory Leak
The version of aioHTTP installed on the remote host is prior to 3.10.11. It is, therefore, affected by a memory leak vulnerability. aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a...
curl: CVE-2024-9681: HSTS subdomain overwrites parent cache entry
The HSTS (HTTP Strict Transport Security) cache in the curl web client can be overwritten by a subdomain, causing the parent domain's HSTS expiration time to be set incorrectly. This issue was discovered in curl versions 8.10.1 and 8.11.0-DEV...
SUSE-SU-2024:1634-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548)...
OESA-2024-1513 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploi...