1231 matches found

Snyk
added 2025/09/03 5:42 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the extractImageInfo function for user avatars. An attacker can execute arbitrary scripts in the context of another user by uploading malicious files that are served without proper content type validation...

CVSS 6.3 | AI score 5.7 | EPSS 0.00058
Exploits 1 | References 2
NVD
added 2025/09/03 2:15 p.m. | 2 views

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | EPSS 0.00065
Exploits 0 | References 1
OSV
added 2025/09/03 2:15 p.m. | 1 view

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | AI score 5.8 | EPSS 0.00065
Exploits 0 | References 1
Cvelist
added 2025/09/03 1:55 p.m. | 6 views

CVE-2025-9822 Secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | EPSS 0.00065
Exploits 0 | References 1
Vulnrichment
added 2025/09/03 1:55 p.m. | 1 view

CVE-2025-9822 Secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5 | AI score 6.3 | EPSS 0.00065
Exploits 0 | References 1
Positive Technologies
added 2025/09/03 12:0 a.m. | 3 views

PT-2025-35722

Name of the Vulnerable Software and Affected Versions: mautic (affected versions not specified). Description: A user with administrator rights can modify the application’s configuration and extract sensitive information that is normally inaccessible. This allows an administrator to disclose...

CVSS 5.5 | AI score 5.9 | EPSS 0.00065
Exploits 0 | References 4
Snyk
added 2025/09/02 5:12 p.m. | 5 views

Directory Traversal

Overview: mobsf is a Mobile Security Framework (MobSF), an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Directory...

CVSS 7 | AI score 7.7 | EPSS 0.0029
Exploits 1 | References 2
RedhatCVE
added 2025/08/30 6:18 p.m. | 2 views

CVE-2025-9172

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 6.7 | EPSS 0.00149
Exploits 0 | References 1
Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-11762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an...

CVSS 5.9 | AI score 6.6 | EPSS 0.00866
Exploits 0 | References 2
Redos
added 2025/08/19 12:0 a.m. | 6 views

ROS-20250819-05

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

CVSS 9.4 | AI score 5.9 | EPSS 0.00403
Exploits11
Redos
added 2025/08/19 12:0 a.m. | 5 views

ROS-20250819-06

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

CVSS 9.4 | AI score 5.9 | EPSS 0.00403
Exploits11
SUSE Linux
added 2025/08/18 8:36 a.m. | 2 views

Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of "", "." and ".." in some PATH...

CVSS 9.3 | AI score 7.6 | EPSS 0.00073
Exploits 1 | References 16
OSV
added 2025/08/18 8:35 a.m. | 3 views

SUSE-SU-2025:02837-1 Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of '', '.' and '..' in some PATH...

CVSS 8.6 | AI score 7.1 | EPSS 0.00073
Exploits 1 | References 8
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-25682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them...

CVSS 8.3 | AI score 8.1 | EPSS 0.34287
Exploits 0 | References 2
OSV
added 2025/08/17 11:37 p.m. | 0 views

USN-7698-1 openldap vulnerabilities

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. CVE-2020-36221 It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A...

CVSS 7.5 | AI score 7.2 | EPSS 0.7152
Exploits 0 | References 9
OSV
added 2025/08/15 12:52 p.m. | 4 views

SUSE-SU-2025:02812-1 Security update for go1.23-openssl

This update for go1.23-openssl fixes the following issues: Updated to go1.23.12 released 2025-08-06 bsc1229122: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of '', '.' and '..' in some PATH...

CVSS 8.6 | AI score 7.1 | EPSS 0.00073
Exploits 1 | References 9
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in nanotechnology-mini-css-extract-plugin-sociobiology-superagent (npm)

The package nanotechnology-mini-css-extract-plugin-sociobiology-superagent was found to contain malicious code...

AI score 7
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in mini-css-extract-plugin-jabbah-dotenv-safe-asthenosphere (npm)

The package mini-css-extract-plugin-jabbah-dotenv-safe-asthenosphere was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-26424 Malicious code in mini-css-extract-plugin-jabbah-sagitta-graphql (npm)

The package mini-css-extract-plugin-jabbah-sagitta-graphql was found to contain malicious code...

AI score 7.2
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-22136 Malicious code in halley-eclipse-mini-css-extract-plugin-nightwatch (npm)

The package halley-eclipse-mini-css-extract-plugin-nightwatch was found to contain malicious code...

AI score 7.2
Exploits 0