CVE-2023-31305

Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...

CVE-2025-14720

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

PT-2026-1751

Name of the Vulnerable Software and Affected Versions Amelia plugin for WordPress versions up to and including 1.2.38 Description The Amelia plugin for WordPress is susceptible to unauthorized access because of absent capability checks on several AJAX actions. This allows unauthenticated attacker...

CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

PT-2026-1178

Name of the Vulnerable Software and Affected Versions CasaOS versions up to and including 0.4.15 Description CasaOS versions up to and including 0.4.15 have unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The...

CLSA-2025-1767028936 Fix CVE(s): CVE-2025-11839

SECURITY UPDATE: crash in objdump when processing malformed debug data - debian/patches/CVE-2025-11839.patch: remove abort call in DGB debug-format printing code to avoid uncontrolled program termination when handling crafted input files - CVE-2025-11839...

CVE-2022-50665

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix failed to find the peer with peerid 0 when disconnected It has a fail log which is ath11kdbg in ath11kdprxprocessmonstatus, as below, it will not print when debugmask is not set ATH11KDBGDATA. ath11kdbgab,...

OESA-2025-2531 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact...

ROS-20251023-01

A vulnerability in the cifscomposemountoptions function of the fs/smb/client/cifsproto.h module of the SMB client support kernel of the Linux operating system is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a...

EUVD-2022-15826

Malicious code in bioql PyPI...

EUVD-2023-59471

Malicious code in bioql PyPI...

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

...

SUSE CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005562 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks bsc1229273. CVE-2023-52752: smb: client: fix...

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes one issue. The following security issue was fixed: CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024172 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...

ABB Cylon Aspect 3.08.01 Active Debug Data Exposure Vulnerability

ABB Cylon Aspect version 3.08.01 is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information. ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page:...