RLSA-2026:22304 Important: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...
CVE-2026-20139 Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
EUVD-2024-3528
Malicious code in bioql PyPI...
Mattermost Server 9.5.x < 9.5.13, 9.11.x < 9.11.5, 10.0.x < 10.0.3, 10.1.x < 10.1.3, 10.2.0 (MMSA-2024-00388, MMSA-2024-00392)
The version of Mattermost Server installed on the remote host is prior to 9.5.13, 9.11.5, 10.0.3, 10.1.3 or 10.2.0. It is, therefore, affected by the vulnerabilities as referenced in the MMSA-2024-00388 and MMSA-2024-00392 advisories: - Mattermost fails to prevent concurrently checking and updati...
CVE-2024-54083 DoS via lack of type validation in Calls
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side webapp and mobile DoS to users of particular channels, by sending a specially crafted post...
PT-2022-22874 · Proxmox +1 · Pve-Http-Server +3
Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions prior to pve-http-server 4.1-3 Proxmox Mail Gateway versions prior to pve-http-server 4.1-3 Description: A response-header CRLF injection vulnerability in the web interface allows a remote attacker to set...
Nextcloud: HTML Injection on "polls" app - comments section (possibly XSS)
Hi everyone, On latest version of Polls app 1.7.5, I noticed a lack of user input filtering for the "Description" part of the survey. An HTML injection is therefore possible. I tried to inject JavaScript code to get an XSS but I didn't succeed. Certainly someone better than me will be able to do...
Harvest: Opportunity to set arbitrary cookies
The location hash on a configure page is used to set a cookie value of the same content. Visiting a page like https://%domain%.harvestapp.com/invoices/configurefoo will result in a foo cookie being set. This value isn't validated at all, which gives an attacker the opportunity to set arbitrary...
Oracle: Security Advisory (ELSA-2014-0625)
The remote host is missing an update for the...
openssl security update
1.0.1e-16.14 - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerabilit...