
23 matches found

Tenable Nessus
added 2026/05/14 12:0 a.m. | 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: doxygen (UTSA-2026-021269)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021269 advisory. In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of...

CVSS 6.9 | AI score 6.8 | EPSS 0.3466
Exploits 6 | References 4

RedhatCVE
added 2026/02/08 1:21 a.m. | 3 views

CVE-2026-25731

A flaw was found in Calibre, an e-book manager. This Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows an attacker to achieve arbitrary code execution. This occurs when a user converts an ebook using a specially crafted malicious custom template file...

CVSS 7.8 | AI score 6 | EPSS 0.00015
Exploits 2 | References 5

OSV
added 2026/02/06 9:16 p.m. | 2 views

UBUNTU-CVE-2026-25731

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.4 | EPSS 0.00015
Exploits 2 | References 4

EUVD
added 2026/02/06 8:14 p.m. | 3 views

EUVD-2026-5573

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.2 | EPSS 0.00015
Exploits 2 | References 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 view

MiracleLinux 8 : gcc-toolset-14-gcc-14.2.1-7.1.el8_10.ML.1 (AXSA:2025-9684:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9684:02 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

MiracleLinux 9 : doxygen-1.9.1-12.el9_5 (AXSA:2025-9657:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9657:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 view

MiracleLinux 9 : gcc-11.5.0-5.el9_5.ML.1 (AXSA:2025-9691:09)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9691:09 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.3 | EPSS 0.3466
Exploits 6 | References 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 view

MiracleLinux 9 : gcc-toolset-14-gcc-14.2.1-1.3.el9_5.ML.1 (AXSA:2025-9666:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9666:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-4437

Malware in sbrugna...

CVSS 2.6 | AI score 4.4 | EPSS 0.06318
Exploits 2 | References 30

Github Security Blog
added 2025/04/20 9:30 p.m. | 4 views

QMarkdown Cross-Site Scripting (XSS) vulnerability

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is set...

CVSS 6.1 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/03/17 8:16 p.m. | 14 views

RLSA-2025:1210 Moderate: tbb security update

Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). For more details about the securit...

CVSS 6.9 | AI score 7.2 | EPSS 0.3466
Exploits 6 | References 2

Tenable Nessus
added 2025/02/17 12:0 a.m. | 12 views

RHEL 7 : gcc (RHSA-2025:1580)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1580 advisory. The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 (GNU), as well as related support libraries. Security Fixes:...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 5

RedHat Linux
added 2025/02/12 7:6 a.m. | 106 views

Moderate: Red Hat Security Advisory: gcc security update

An update for gcc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 6.9 | AI score 7.2 | EPSS 0.3466
Exploits 6 | References 2

OSV
added 2025/02/11 12:0 a.m. | 17 views

ALSA-2025:1314 Moderate: doxygen security update

Doxygen can generate an online class browser in HTML and/or a reference manual in LaTeX from a set of documented source files. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code structure from undocumented source files. Security Fixes:...

CVSS 6.9 | AI score 7.3 | EPSS 0.3466
Exploits 6 | References 4

Tenable Nessus
added 2025/02/11 12:0 a.m. | 12 views

RHEL 8 : gcc (RHSA-2025:1308)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1308 advisory. The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 (GNU), as well as related support libraries. Security Fixes:...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 5

Tenable Nessus
added 2025/02/10 12:0 a.m. | 15 views

RHEL 8 : tbb (RHSA-2025:1216)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1216 advisory. Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 5

OSV
added 2025/02/10 12:0 a.m. | 15 views

ALSA-2025:1210 Moderate: tbb security update

Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). For more details about the securit...

CVSS 6.9 | AI score 7.6 | EPSS 0.3466
Exploits 6 | References 4

Tenable Nessus
added 2025/02/10 12:0 a.m. | 11 views

RHEL 9 : doxygen (RHSA-2025:1185)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1185 advisory. Doxygen can generate an online class browser in HTML and/or a reference manual in LaTeX from a set of documented source files. The documentation is...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 5

Tenable Nessus
added 2025/02/10 12:0 a.m. | 16 views

RHEL 7 : doxygen (RHSA-2025:1256)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1256 advisory. Doxygen can generate an online class browser in HTML and/or a reference manual in LaTeX from a set of documented source files. The documentation is...

CVSS 6.9 | AI score 7.4 | EPSS 0.3466
Exploits 6 | References 5

SUSE CVE
added 2023/02/15 4:0 a.m. | 1 view

SUSE CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...

CVSS 6.1 | AI score 6.9 | EPSS 0.3466
Exploits 6 | References 32