181 matches found
CVE-2025-39795 affecting package kernel for versions less than 5.15.200.1-1
CVE-2025-39795 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-39772 affecting package kernel for versions less than 5.15.200.1-1
CVE-2025-39772 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1
CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
GHSA-9R75-G2CR-3H76 Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens
createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...
OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability...
PT-2026-20792
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A stored Cross-Site Scripting XSS issue exists in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline tag without proper escaping. A crafted value containing cou...
CVE-2025-54147 Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
PT-2026-7560
Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that allows a remote attacker with administrator privileges to exhaust resources, potentially preventing other systems, applications, or processes from accessin...
CVE-2023-48795 affecting package rust for versions less than 1.90.0-1
CVE-2023-48795 affecting package rust for versions less than 1.90.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-24887
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...
Linux Distros Unpatched Vulnerability : CVE-2025-68160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-bas...
MiracleLinux 4 : qemu-kvm-0.12.1.2-2.448.AXS4.3 (AXSA:2015-140:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-140:02 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Security issues fixed with this release: CVE-2015-3456 Tenab...
CVE-2025-64516
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...
WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Better Business Reviews versions = 0.1.1...
CVE-2025-40083 affecting package kernel for versions less than 6.6.117.1-1
CVE-2025-40083 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...
EUVD-2025-201830
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
SonicWall Email Security Affected By Multiple Vulnerabilities
1 CVE-2025-40604 - Download of Code Without Integrity Check VulnerabilityDownload of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...
CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1
CVE-2025-31133 affecting package moby-runc for versions less than 1.2.8-1. An upgraded version of the package is available that resolves this issue...
SonicWall SMA100 Potential Exposure of Sensitive Information in Log File
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...