
46 matches found

OSV
added 2026/04/01 6:16 p.m. · 1 views

UBUNTU-CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

6.5 CVSS · 5.7 AI score · 0.00021 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2026/03/26 5:1 p.m. · 1 views

CVE-2026-24975

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS. This issue affects Organici Library: from n/a through = 2.1.2...

7.1 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits: 0 · References: 1
CVE
added 2026/03/20 7:59 p.m. · 11 views

CVE-2026-4438

CVE-2026-4438 concerns gethostbyaddr/gethostbyaddr_r built against an NSS DNS backend as configured in glibc (versions 2.34–2.43). The issue can cause an invalid DNS hostname to be returned to the caller, violating DNS specifications. Details originate from NVD/CVE records and the Sourceware bug ...

5.4 CVSS · 5.8 AI score · 0.00066 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2026/01/06 7:4 p.m. · 22 views

CVE-2026-21490 iccDEV has heap buffer overflow in CIccTagLut16::Validate()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...

6.1 CVSS · 0.00028 EPSS
Exploits: 1 · References: 4
EUVD
added 2026/01/06 1:32 a.m. · 3 views

EUVD-2026-1148

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum. This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in...

7.8 CVSS · 6.3 AI score · 0.00027 EPSS
Exploits: 1 · References: 3
OpenVAS
added 2025/11/12 12:0 a.m. · 2 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2356)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS · 7.2 AI score · 0.00027 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/10/10 6:27 p.m. · 1 views

CVE-2025-11573

An infinite loop issue in Amazon.IonDotnet library versions...

8.7 CVSS · 7 AI score · 0.00119 EPSS
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-3563

Malware in sbrugna...

5.5 CVSS · 5.6 AI score · 0.00065 EPSS
Exploits: 1 · References: 4
RedhatCVE
added 2025/09/29 1:48 p.m. · 1 views

CVE-2025-36239

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.1 CVSS · 6.5 AI score · 0.00075 EPSS
Exploits: 0 · References: 1
NVD
added 2025/09/27 2:15 a.m. · 4 views

CVE-2024-43192

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

8.8 CVSS · 0.00014 EPSS
Exploits: 0 · References: 1
vulnersOsv
added 2025/06/23 10:41 p.m. · 1 views

@0cfg/utils-node (>=0.1.2 <=0.1.8), @b0ase/path402-api (=4.0.0-alpha.1) +262 more potentially affected by CVE-2025-6545 via pbkdf2 (>=3.0.12 <=3.1.2)

pbkdf2 NPM version =3.0.12, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.38.0, =1.45.0, =1.1.14, =1.20.2, =1.3.13, =3.8.1, =4.26.0 and more Source cves: CVE-2025-6545 Source advisory: OSV:GHSA-H7CP-R72F-JXH6...

9.1 CVSS · 5.8 AI score · 0.00416 EPSS
Exploits: 0
OSV
added 2025/06/09 12:0 a.m. · 4 views

ALSA-2025:8636 Important: perl-FCGI security update

FastCGI Perl bindings. Security Fixes: perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.3 CVSS · 5.8 AI score · 0.00758 EPSS
Exploits: 1 · References: 4
OSV
added 2025/03/11 9:15 p.m. · 2 views

CVE-2025-28866

Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1...

8.8 CVSS · 7.3 AI score · 0.00134 EPSS
Exploits: 0 · References: 1
OSV
added 2024/12/23 8:49 a.m. · 8 views

SUSE-SU-2024:4407-1 Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in nett...

5.5 CVSS · 7.5 AI score · 0.00467 EPSS
Exploits: 1 · References: 4
OSV
added 2024/12/18 9:15 p.m. · 0 views

AZL-54449 CVE-2024-45338 affecting package ig for versions less than 0.32.0-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3 CVSS · 6.6 AI score · 0.00041 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/21 12:0 a.m. · 1 views

PT-2024-31956 · Public Knowledge · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: Public Knowledge Project pkp-lib versions 3.4.0-7 and earlier Description: The issue is related to an Open redirect vulnerability due to a lack of input sanitization in the logout function. Recommendations: For Public Knowledge Project pkp-li...

6.1 CVSS · 6.9 AI score · 0.00074 EPSS
Exploits: 0 · References: 5
OSV
added 2024/09/11 5:15 p.m. · 0 views

CVE-2024-44572

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sysmgmt function...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2
OSV
added 2024/07/22 11:15 a.m. · 0 views

CVE-2024-38728

Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source. This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9...

6.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CNNVD
added 2024/05/05 12:0 a.m. · 4 views

DCMTK Security Vulnerability

DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building, and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

5.3 CVSS · 6.2 AI score · 0.00113 EPSS
Exploits: 1 · References: 4
Cvelist
added 2024/03/19 11:58 a.m. · 11 views

CVE-2024-2632 Information Exposure Vulnerability on Meta4 HR

An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operating system via HTTP GET...

7.5 CVSS · 7.4 AI score · 0.00078 EPSS
Exploits: 0 · References: 1