14 matches found
Security update for kea
This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Fixed loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Fixed insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Fixed insecure fi...
PT-2026-6334
Name of the Vulnerable Software and Affected Versions BrowserStack Runner versions 0.1.0 through 0.9.5 Notepad++ versions prior to 8.8.2 Description BrowserStack Runner contains a path traversal issue in the default HTTP handler within lib/server.js. This allows unauthenticated network-adjacent...
CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
EUVD-2025-16210
Malicious code in bioql PyPI...
EUVD-2025-19601
Malicious code in bioql PyPI...
CVE-2025-32802 Insecure handling of file paths allows multiple local attacks
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...
CVE-2025-24914
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. -...
WordPress NextGEN Gallery plugin <=2.2.46 - Gallery Paths Not Secured
Telefonica Cybersecurity Unit found an issue with insecure paths in WordPress NextGEN Gallery plugin versions <=2.2.46. Solution Update the WordPress NextGEN Gallery plugin to the latest available version at least 2.2.50...
Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
This host is missing an important security update according to Microsoft Bulletin MS12-021. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
OpenLDAP, Gauche: RUNPATH issues
Background OpenLDAP is a suite of LDAP-related application and development tools. Gauche is an R5RS Scheme interpreter. Description Gentoo packaging for OpenLDAP and Gauche may introduce insecure paths into the list of directories that are searched for libraries at runtime. Impact A local attacke...
GLSA-200511-02 : QDBM, ImageMagick, GDAL: RUNPATH issues
The remote host is affected by the vulnerability described in GLSA-200511-02 (QDBM, ImageMagick, GDAL: RUNPATH issues) Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtime. Furthermore, packages depending on the MakeMaker Perl module for...
GLSA-200510-14 : Perl, Qt-UnixODBC, CMake: RUNPATH issues
The remote host is affected by the vulnerability described in GLSA-200510-14 (Perl, Qt-UnixODBC, CMake: RUNPATH issues) Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtime. Furthermore, packages depending on the MakeMaker Perl module fo...
Hassan Consulting Shopping Cart 1.18 - Directory Traversal
source: https://www.securityfocus.com/bid/1777/info The $page variable in Hassan Consulting Shopping Cart does not properly check for insecure relative paths such as the double dot "..". Therefore, requesting the following URL will displa...