35 matches found

Mageia
added 2026/05/13 7:0 a.m., 7 views

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv, XSS within status endpoint (CVE-2026-6735). MBString: Fixed GHSA-wm6j-2649-pv75, null pointer dereference in php_mb_check_encoding via mb_ereg_search_init (CVE-2026-7259). OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDO_Firebird: Fixed GHSA-w476-322c-wpvm, SQL injection...

CVSS 9.8, AI score 5.9, EPSS 0.00505
Exploits: 1, References: 2

NVD
added 2026/04/06 12:16 p.m., 2 views

CVE-2026-5650

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

CVSS 6.9, EPSS 0.00308
Exploits: 0, References: 5

IBM Security Bulletins
added 2026/03/03 6:49 a.m., 7 views

Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.

Summary: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any which is vulnerable to CVE-2026-23490, CVE-2026-0994, CVE-2025-66418, CVE-2025-66471,...

CVSS 8.9, AI score 6, EPSS 0.00622
Exploits: 2, Affected Software: 1

OSV
added 2026/01/05 3:7 p.m., 3 views

GHSA-4C5F-9MJ4-M247 flagd: Multiple Go Runtime CVEs Impact Security and Availability

Summary: In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd, the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling. | CVE ID ...

AI score 7.7
Exploits: 0, References: 4

CVE
added 2025/11/14 12:0 a.m., 16 views

CVE-2025-63891

The vulnerability CVE-2025-63891 affects SourceCodester’s Simple Online Book Store System. A remote, unauthenticated attacker can disclose the full database contents (including schema and credential hashes) by accessing a web‑accessible backup file via an unauthenticated HTTP GET to /obs/database...

CVSS 7.5, AI score 6.2, EPSS 0.00484
Exploits: 1, References: 3, Affected Software: 1

RedHat Linux
added 2025/11/13 6:53 p.m., 2 views

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVSS 7, AI score 6, EPSS 0.00331
Exploits: 0, References: 8

RedHat Linux
added 2025/11/13 3:20 p.m., 2 views

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVSS 7, AI score 6, EPSS 0.00331
Exploits: 0, References: 8

Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

RHEL 9 : golang (RHSA-2025:21336)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21336 advisory. The golang packages provide the Go programming language compiler. Security Fixes: database/sql: Postgres Scan Race Condition (CVE-2025-47907). For more...

CVSS 7, AI score 6.7, EPSS 0.00331
Exploits: 0, References: 5

OSV
added 2025/10/24 5:3 p.m., 6 views

CLSA-2025-1761325428 golang: Fix of CVE-2025-47907

CVE-2025-47907: avoid closing Rows in database/sql while scanning is in progress...

CVSS 7, AI score 7.2, EPSS 0.00331
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0461

Malware in sbrugna...

CVSS 9.1, AI score 9.1, EPSS 0.04983
Exploits: 0, References: 19

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-1073

Malware in sbrugna...

CVSS 9.8, AI score 6, EPSS 0.00676
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-41827

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.4, EPSS 0.00967
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/12 12:0 a.m., 4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24-openssl (SUSE-SU-2025:03158-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03158-1 advisory. Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged...

CVSS 8.6, AI score 7, EPSS 0.0056
Exploits: 1, References: 20

SUSE Linux
added 2025/09/11 3:5 a.m., 4 views

Security update for go1.23-openssl

This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips (jsc#SLE-18320). Rebase to 1.23.12. Fix HKDF-Extract. The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash...

CVSS 9.3, AI score 7, EPSS 0.00682
Exploits: 3, References: 46

SUSE Linux
added 2025/09/11 3:4 a.m., 7 views

Security update for go1.24-openssl

This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jsc#SLE-18320. Fix HKDF-Extract. The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...

CVSS 9.3, AI score 7.1, EPSS 0.0056
Exploits: 1, References: 28

OSV
added 2025/09/11 3:4 a.m., 3 views

SUSE-SU-2025:03158-1 Security update for go1.24-openssl

This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jsc#SLE-18320. Fix HKDF-Extract. The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length...

CVSS 8.6, AI score 7, EPSS 0.0056
Exploits: 1, References: 14

Cvelist
added 2025/09/09 2:32 a.m., 12 views

CVE-2025-10122 Maccms10 Database.php rep sql injection

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

CVSS 5.8, EPSS 0.003
Exploits: 0, References: 4

RedHat Linux
added 2025/08/18 12:42 a.m., 2 views

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVSS 7, AI score 6.2, EPSS 0.00331
Exploits: 0, References: 8

Cvelist
added 2025/08/07 3:25 p.m., 12 views

CVE-2025-47907 Incorrect results returned from Rows.Scan in database/sql

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with...

EPSS 0.00331
Exploits: 0, References: 4

Vulnrichment
added 2025/08/07 3:25 p.m., 3 views

CVE-2025-47907 Incorrect results returned from Rows.Scan in database/sql

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with...

AI score 6.2, EPSS 0.00331
Exploits: 0, References: 4