CVE-2025-68035

Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through = 5.8.4...

WordPress Tabby Checkout plugin <= 5.8.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin Tabby Checkout versions = 5.8.4...

CVE-2025-58744 Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from...

MiracleLinux 9 : kernel-5.14.0-70.30.1.el9_0 (AXSA:2023-5105:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5105:05 advisory. posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003846)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003846 advisory. In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004155)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004155 advisory. A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004133)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004133 advisory. getgatepage in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting caused by gate page...

CVE-2023-45806

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

CVE-2023-45811

Synchrony deobfuscator is a javascript cleaner & deobfuscator. A proto pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify...

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

CVE-2025-15346

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000383)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000383 advisory. A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impac...

EUVD-2026-0825

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

CVE-2025-68437

CVE-2025-68437 affects Craft CMS via SSRF in the GraphQL mutation save__Asset , caused by insufficient validation of the _file.url parameter. Affected versions are 5.0.0-RC1–5.8.20 and 4.0.0-RC1–4.16.16 . An attacker with asset-management permissions can supply a URL pointing to internal IPs or c...

PT-2026-1068

Name of the Vulnerable Software and Affected Versions PluXml versions prior to 5.8.23 Description A flaw exists in PluXml that could allow for remote code execution. The issue is located in the FileCookieJar:: destruct function within the core/admin/medias.php file of the Media Management Module...

SUSE CVE-2025-68131

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

EUVD-2025-205866

CBORDecoder reuse can leak shareable values across decode calls...

AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

CVE-2025-68131

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...