SUSE SLES15 Security Update : libsoup (SUSE-SU-2025:3752-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3752-1 advisory. CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). Tenable has extracted the preceding...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:3752-1 Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562)...
PT-2025-43454
In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24045)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access the date of current contract details using an...
Nextcloud: BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data
Summary: The Out-of-Office (OOO) API endpoints at /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId and /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId/now suffer from a Broken Object Level Authorization (BOLA) vulnerability. Any authenticated user can retrieve the out-of-office data of any other user by...
CVE-2025-62245
creationtimestamp | type | source
---|---|---
2025-10-10 21:10:04+00:00 | seen | Telegram/8uZyiFoeOrHu64JO3fKUzmI8PYeUmmStUf4jYAEat7ZjMU
2025-10-13 20:14:21+00:00 | seen | Telegram/LDfuhP-enyhct-bZfjpxgyQZRsCE1h8UxOafSmRbNXMVf6g...
PT-2025-41312
Name of the Vulnerable Software and Affected Versions: CCleaner versions 5.33.6162; CCleaner Cloud versions 1.07.3191. Description: CCleaner and CCleaner Cloud contained a malicious pre-entry-point loader that redirects execution to a custom loader. This loader decodes an embedded blob into shellcode...
EUVD-2005-2507
Malware in sbrugna...
EUVD-2001-0929
Malware in sbrugna...
EUVD-2018-1499
Malware in sbrugna...
EUVD-2022-0386
Malicious code in bioql PyPI...
EUVD-2022-0371
Malicious code in bioql PyPI...
EUVD-2022-3479
Malicious code in bioql PyPI...
EUVD-2022-0382
Malicious code in bioql PyPI...
EUVD-2021-30687
Malicious code in bioql PyPI...
CVE-2025-41096
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access the dates of the current contract details using unauthorised internal identifiers...
CVE-2025-41096 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access the dates of the current contract details using unauthorised internal identifiers...