php:8.2 security update

An update is available for module.php, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, module.php-pecl-xdebug3, php, php-pear, php-pecl-zip, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.libzip, libzip. This update affects Rocky Linux 8. A Common...

EulerOS Virtualization 2.13.0 : openssh (EulerOS-SA-2025-2612)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources,...

AlmaLinux 8 : openssh (ALSA-2025:23481)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23481 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh:// U...

EUVD-2009-3358

Malware in sbrugna...

EUVD-2002-1344

Malware in sbrugna...

EUVD-2010-2093

Malware in sbrugna...

EUVD-2025-5484

Malicious code in bioql PyPI...

EUVD-2023-1571

Malicious code in bioql PyPI...

EUVD-2022-3849

Malicious code in bioql PyPI...

CVE-2025-27398

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of...

OpenJDK: missing string checks for NULL characters (8296622)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to explo...

Nokia BTS TRS web console 安全漏洞

Nokia BTS TRS web console is Nokia Transfer Module Authentication from Nokia Finland. A security vulnerability exists in the Nokia BTS TRS web console, which originates in the Nokia BTS TRS web console FTMW20FP22019.08.160010 version, that allows an unauthenticated, malicious user to bypass the...

Nextcloud: [nextcloud.com] Control character allowed in Submit Question

Issue descriptions We found that the maximum length of the first and last name fields was not set to 32 characters at registration and to 1000 characters when using the profile update form. The attacker can use this method as a malware attack, the user will redirect to a website that contains...

OPENSUSE-SU-2021:0025-1 Security update for kitty

This update for kitty fixes the following issue: - CVE-2020-35605: Fixed an RCE due to filenames containing special characters contained in error messages boo1180298...

Critical: thunderbird

Issue Overview: When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even...

mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR...

phpwind 9 /src/service/tag/dao/PwTagDao.php SQL注入漏洞

phpwind是国内一款流行的内容管理系统软件，其9版本/src/service/tag/dao/PwTagDao.php文件代码第116行的$tagName变量由$GET方式获得，代码117-119行拼接SQL语句，带入数据查询。在查询之前执行了/wind/db/mysql/WindMysqlPdoAdapter.php文件代码第24行设置编码为gbk，由此导致宽字节漏洞产生。 phpwind 9...

Easy room search system type injection exploit-vulnerability warning-the black bar safety net

This system is a housing transactions, rental of the system. Vulnerability file: searchsell. asp; the searchhire. asp; the searchbuy. asp conn. asp Keyword inurl: efwmanager; the inurl: the searchhire. asp; and inurl: in subhack. asp? This keyword is a bit much By Macromedia Dreamweaver the searc...

GLSA-200808-03 : Mozilla products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200808-03 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS...

The PERL foundry Multi-threading+support Chinese crack SQL automatically injected into the guessing machine-vulnerability warning-the black bar safety net

Say toSQL injectionmachine, from the doll for moving the web article dvTxt. pl to the smelly bum peerless guess CSC, NB Alliance, NBSI, we have used? 开 天 始祖 dvTxt.pl also don't be changed how many times, to be used for a variety of differentSQL injectionthe vulnerability of the system, usually th...