Linux Distros Unpatched Vulnerability : CVE-2017-17517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

Linux Distros Unpatched Vulnerability : CVE-2017-17511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to...

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

Linux Distros Unpatched Vulnerability : CVE-2016-1000107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data...

Linux Distros Unpatched Vulnerability : CVE-2017-17531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

Linux Distros Unpatched Vulnerability : CVE-2017-17519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batteriesConfig.mlp in OCaml Batteries Included aka ocaml-batteries 2.6 does not validate strings before launching the program specified by the BROWSER...

Linux Distros Unpatched Vulnerability : CVE-2017-17530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

CVE-2025-5352

CVE-2025-5352 describes a critical stored XSS in Lunary Analytics; the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is injected into the DOM via dangerouslySetInnerHTML without sanitization in Lunary versions

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

PT-2025-34524 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to 1.9.23 Description: A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component. The NEXT PUBLIC CUSTOM SCRIPT environment variable is directly injected into the DOM using...

CVE-2025-9162 Org.keycloak/keycloak-model-storage-service: variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

PT-2025-34237

Name of the Vulnerable Software and Affected Versions: org.keycloak/keycloak-model-storage-service affected versions not specified Description: A flaw exists in the KeycloakRealmImport custom resource, which substitutes placeholders within imported realm documents, referencing environment...

TencentOS Server 4: mtr (TSSA-2025:0537)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0537 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Security update for go1.25

go1.25 released 2025-08-12 is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As...

CVE-2025-9176

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVE-2025-9176

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...