10 matches found
EUVD-2024-22474
Malicious code in bioql PyPI...
EUVD-2024-40665
Malicious code in bioql PyPI...
Security Bulletin: urllib3 Proxy-Authorization header only applies with ProxyManager, not direct requests
Summary: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
Fedora: Security Advisory (FEDORA-2025-9a83222bca)
The remote host is missing an update for the...
CVE-2025-27432 Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)
The eDocument Cockpit Inbound NF-e in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction an...
Linux Distros Unpatched Vulnerability : CVE-2025-24807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7,...
CVE-2024-47576
CVE-2024-47576 concerns the SAP Product Lifecycle Costing Client (versions
CVE-2023-52290
CVE-2023-52290 affects Apache StreamPark’s streampark-console prior to version 2.1.4. The vulnerability arises from unvalidated sort field input used to build SQL queries in list pages (e.g., application pages), enabling SQL injection after an authenticated user logs in. Impact is described as da...
WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.13; Fixed in: 8.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47834; Patch priority: Low; CVSS severity: Low (6.5); PSID: f34de2f1d2a5; Credits: emad; Required privilege...
USN-17-1: passwd vulnerability
Martin Schulze and Steve Grubb discovered a flaw in the authentication input validation of the "chfn" and "chsh" programs. This allowed logged-in users with an expired password to change their real name and their login shell without having to change their password. This flaw cannot lead to...