CVE-2025-59898
CVE-2025-59898 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue is a persistent authenticated Cross-Site Scripting (XSS) vulnerability caused by insufficient validation of user input in the exclude_dir parameter (endpoint /add_exclude_dir?sid=). An atta...
PT-2026-5106
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
OESA-2026-1206 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to...
CVE-2026-23766
No description is available for this CVE...
CVE-2026-23766
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2025-59020
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...
PT-2026-20429
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A deadlock situation can occur in the Linux kernel related to tracing and System Call Interface SBI Extended Call ECALL functionality on RISC-V systems. Specifically, if functions within...
WordPress Search Exclude plugin <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability
Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Search Exclude versions <= 2.4.9...
UBUNTU-CVE-2023-54297
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix memory leak after finding block group with super blocks. At exclude_super_stripes(), if we happen to find a block group that has super blocks mapped to it and we are on a zoned filesystem, we error out as this is not...
django: Django SQL injection
A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument...
How to Exclude Machines from Proactive Malware Scanning
Article Applicability: The exclusion setting discussed in this article was added in Veeam Backup & Replication 13.0.1.180. Purpose: This article documents how to exclude specific machines from Proactive Malware Scans (the "Perform signature-based scan when malware event appears" option). Exclusions a...
CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
Unsafe Dependency Resolution
Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a...
Unsafe Dependency Resolution
Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a crafted Git hook in a repository, which i...
Improper Restriction of Communication Channel to Intended Endpoints
Overview: FastCRUD (fastcrud) is a Python package for FastAPI, offering robust async CRUD operations and flexible endpoint creation utilities. Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to improper handling of the...
openSUSE 16 Security Update : pnpm (openSUSE-SU-2025-20115-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20115-1 advisory. Changes in pnpm: - update to 10.22.0: Minor Changes - Added support for trustPolicyExclude (#10164). You can now list one or more specific package...
OPENSUSE-SU-2025:20119-1 Security update for tcpreplay
This update for tcpreplay fixes the following issues: - update to 4.5.2: features added since 4.4.4 - fix/recalculate header checksum for ipv6-frag - IPv6 frag checksum support - AF_XDP socket support - tcpreplay -w (write into a pcap file) - tcpreplay --fixhdrlen - --include and --exclude options -...
OPENSUSE-SU-2025:20115-1 Security update for pnpm
This update for pnpm fixes the following issues: Changes in pnpm: - update to 10.22.0: Minor Changes - Added support for trustPolicyExclude (#10164). You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy...