40 matches found
CVE-2022-35227
A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site Scripting (XSS) attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...
EUVD-2017-6789
Malware in sbrugna...
EUVD-2022-44292
Malicious code in bioql PyPI...
Security Bulletin: An issue was discovered in pip (all versions) because it installs the version with the highest version number, which affects IBM watsonx.data
Summary: An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package do...
Siemens SCALANCE LPE9403 Stack-Based Buffer Overflow (CVE-2025-40579)
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition...
ALSA-2025:10073 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...
Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities
Update 6/12/2025: Microsoft released an additional CVE, CVE-2025-32717. Details and SIDs have been reflected to include this additional vulnerability. Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 th...
CVE-2023-30428
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...
Microsoft Windows Multiple Vulnerabilities (KB5058405)
This host is missing an important security update according to Microsoft KB5058405. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Alibaba Cloud Linux 3 : 0121: mingw packages (ALINUX3-SA-2022:0121)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0121 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-13734: Out of bounds write in...
Alibaba Cloud Linux 3 : 0040: spamassassin (ALINUX3-SA-2022:0040)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0040 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-11805: In Apache SpamAssassin...
PT-2025-14605 · Unknown · Itning Student Homework Management System
Name of the Vulnerable Software and Affected Versions: itning Student Homework Management System versions 1.2.7 and earlier Description: A problem has been identified in the system, affecting an unknown functionality. This issue leads to cross-site request forgery, which can be exploited remotely...
PT-2025-16820 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateGateways method. This could allow an authenticated remote attacker...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05073)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Mozilla Firefox ESR < 115.20
The version of Firefox ESR installed on the remote Windows host is prior to 115.20. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-08 advisory. - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird...
Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.
Summary: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...
USN-6885-3: Apache HTTP Server vulnerabilities
USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker...
PT-2024-4772
The vulnerable software is Microsoft Windows, specifically the Windows Remote Desktop Licensing Service. This pre-authentication remote code execution issue affects all versions of Windows Server from 2000 to 2025. To exploit this issue, an unauthorized attacker can connect to the Remote Desktop...
PT-2024-24170 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: Xunruicms versions 4.6.3 and before Description: A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via the Security.php file in the catalog XunRuiCMSdayruiFcmsLibrary. This enables the attacker to perform...
CVE-2023-45722 Path Traversal Arbitrary File Read affects DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special...