
87 matches found

Mageia
added 2026/06/10 5:7 a.m., 9 views

Updated libssh packages fix security vulnerabilities

CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions; CVE-2025-4878: Use of uninitialized variable in privatekeyfromfile; CVE-2025-5318: Likely read beyond bounds in sftp server handle management; CVE-2025-5351: Double free in functions exporting keys; CVE-2025-5372: sshkdf returns ...

8.8 CVSS | 6.2 AI score | 0.02394 EPSS
Exploits 0 | References 2
CVE
added 2026/05/21 12:17 p.m., 12 views

CVE-2026-43498

CVE-2026-43498 is a Linux kernel issue in the accel/ivpu path. The vulnerability stems from the ability to re-export imported GEM buffers; a fix adds a custom prime_handle_to_fd callback that checks if the GEM object is imported and returns -EOPNOTSUPP in that case. Under re-export scenarios, buf...

7.8 CVSS | 5.9 AI score | 0.00113 EPSS
Exploits 0 | References 2
Fedora
added 2026/04/13 9:7 p.m., 4 views

[SECURITY] Fedora 44 Update: rawtherapee-5.12-8.fc44

Rawtherapee is a RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...

9.8 CVSS | 5.8 AI score | 0.00735 EPSS
Exploits 3
RedhatCVE
added 2026/01/09 11:22 a.m., 7 views

CVE-2021-31902

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly...

7.5 CVSS | 7 AI score | 0.01192 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:56 a.m., 5 views

CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...

8 CVSS | 7.8 AI score | 0.01126 EPSS
Exploits 1 | References 1
Positive Technologies
added 2025/12/11 12:0 a.m., 5 views

PT-2025-50609

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed...

5.3 CVSS | 6.5 AI score | 0.00201 EPSS
Exploits 1 | References 6
CNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

6.5 CVSS | 6.3 AI score | 0.00132 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/31 12:30 a.m., 7 views

EUVD-2020-30808

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

6.9 CVSS | 6.2 AI score | 0.00511 EPSS
Exploits 0 | References 3
NVD
added 2025/10/30 10:15 p.m., 4 views

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

6.9 CVSS | 0.00511 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/10/30 9:46 p.m., 3 views

CVE-2020-36862 Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

6.9 CVSS | 6.3 AI score | 0.00511 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/10/30 12:0 a.m., 6 views

PT-2025-44468

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.11. Description: Nagios XI versions prior to 5.6.11 have unauthenticated issues in the Highcharts local exporting tool. Specifically, crafted export requests can lead to insufficient output encoding, resulting in...

6.9 CVSS | 6.2 AI score | 0.00511 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-19389

Malicious code in bioql PyPI...

8.8 CVSS | 8.2 AI score | 0.05013 EPSS
Exploits 0 | References 1
Wired Threat Level
added 2025/09/09 3:0 a.m., 5 views

Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World

Geedge Networks, a company with ties to the founder of China’s mass censorship infrastructure, is selling its censorship and surveillance systems to at least four other countries in Asia and Africa...

7 AI score
Exploits 0
CNNVD
added 2025/09/04 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the habanalabs driver not handling file descriptors correctly when exporting dmabuf, which could lead to reuse...

7.8 CVSS | 6.3 AI score | 0.00142 EPSS
Exploits 0 | References 5
OSV
added 2025/09/01 6:30 p.m., 4 views

CLSA-2025-1756751437 gnutls: Fix of CVE-2025-32988

CVE-2025-32988: fix double-free vulnerability when exporting othernames in SAN...

8.2 CVSS | 7.1 AI score | 0.01185 EPSS
Exploits 0 | References 1
OSV
added 2025/07/07 12:29 p.m., 2 views

USN-7619-1 libssh vulnerabilities

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...

8.8 CVSS | 7 AI score | 0.02394 EPSS
Exploits 0 | References 8
Cvelist
added 2025/04/18 12:15 p.m., 34 views

CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

6.3 CVSS | 0.0024 EPSS
Exploits 1 | References 3
RedhatCVE
added 2025/02/05 10:56 a.m., 8 views

CVE-2024-21775

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature...

8.8 CVSS | 7.8 AI score | 0.05013 EPSS
Exploits 0 | References 1
OSV
added 2024/11/29 7:15 p.m., 2 views

UBUNTU-CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

5.9 CVSS | 6.6 AI score | 0.00427 EPSS
Exploits 0 | References 5
CVE
added 2024/11/27 2:1 p.m., 118 views

CVE-2024-36464

CVE-2024-36464 affects Zabbix media-types export: passwords are exported in YAML in plain text. The description in the CVE notes this is a best-practices type issue with likely limited impact, since only users who can access media types can view the passwords. Connected documents corroborate this...

2.7 CVSS | 7.2 AI score | 0.00542 EPSS
Exploits 0 | References 2 | Affected Software 1