
26 matches found

Nuclei
added 9 hours ago, 44 views

Nagios XI <5.8.5 - Open Redirect

Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-29272 info: name: Nagios XI 5.8.5 - Open Redirect...

CVSS 6.1 | AI score 6.4 | EPSS 0.04103
Exploits 0 | References 5

Rosalinux
added 2026/02/16 7:14 a.m., 10 views

Advisory ROSA-SA-2026-3146

Software: grafana 9.2.10 OS: ROSA Virtualization 3.1 unaffected versions = grafana-9.2.10-27.rv31 affected versions grafana-9.2.10-27.rv31 CVE-ID: CVE-2025-22871 BDU-ID: 2025-04014 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the net/http package of the Go programming language is related to...

CVSS 10 | AI score 8.2 | EPSS 0.944
Exploits 29

Rosalinux
added 2025/12/02 1:20 p.m., 3 views

Advisory ROSA-SA-2025-3094

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...

CVSS 9.8 | AI score 7.9 | EPSS 0.02015
Exploits 7

Tenable Nessus
added 2025/11/05 12:0 a.m., 5 views

Fedora 43 : chromium (2025-31f0d8bfa9)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-31f0d8bfa9 advisory. Update to 142.0.7444.59 High CVE-2025-12428: Type Confusion in V8 High CVE-2025-12429: Inappropriate implementation in V8 High CVE-2025-12430: Objec...

CVSS 8.8 | AI score 7.9 | EPSS 0.00105
Exploits 2 | References 21

Rosalinux
added 2025/09/11 10:17 a.m., 5 views

Advisory ROSA-SA-2025-3000

software: grub2 2.06 WASP: ROSA-CHROME unaffected versions = grub2-2.06-24 affected versions grub2-2.06-24 CVE-ID: CVE-2024-45779 BDU-ID: 2025-03832 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the BFS file system of the Grub2 operating system boot loader is related to reads outside the allowed...

CVSS 8.8 | AI score 7.4 | EPSS 0.00203
Exploits 0

Exploit DB
added 2025/06/20 12:0 a.m., 314 views

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse

!/usr/bin/env python3 """ Exploit Title: FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse Date: 2025-06-15 Exploit Author: Shahid Parvez Hakim BugB Technologies Vendor Homepage: https://www.fortinet.com Software Link: https://www.fortinet.com/products/secure-sd-wan/fortigate...

CVSS 4.8 | AI score 7.4 | EPSS 0.00758
Exploits 3

Patchstack
added 2025/06/13 6:50 a.m., 11 views

WordPress Traffic Monitor plugin <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by ch4r0n in WordPress Plugin Traffic Monitor versions <= 3.2.2...

CVSS 5.3 | AI score 6.7 | EPSS 0.00132
Exploits 1 | References 1 | Affected Software 1

Rosalinux
added 2025/06/09 8:56 a.m., 3 views

Advisory ROSA-SA-2025-2889

Software: krb5 1.18.2 OS: ROSA Virtualization 3.0 packageevrstring: krb5-1.18.2-32.0.1.rv30 CVE-ID: CVE-2025-3576 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the MIT Kerberos implementation allows an attacker to spoof messages protected by GSSAPI using RC4-HMAC-MD5 due to...

CVSS 5.9 | AI score 6 | EPSS 0.0026
Exploits 0

Ivanti
added 2025/05/13 2:0 p.m., 15 views

Security Advisory May 2025 Ivanti Neurons for MDM (N-MDM)

Update 5 August, 2025: Added additional information on security issue fixed in R114. Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses two medium severity vulnerabilities. Successful exploitation could allow a remote unauthenticated attacker to edit or delete...

AI score 7.3
Exploits 0

Patchstack
added 2025/05/12 8:39 p.m., 5 views

WordPress Frontend Dashboard 1.0-2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.7...

CVSS 8.8 | AI score 8.3 | EPSS 0.00332
Exploits 0 | References 1 | Affected Software 1

Rapid7 Blog
added 2025/03/25 4:10 p.m., 32 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVSS 9.8 | AI score 8.1 | EPSS 0.9113
Exploits 21

Rosalinux
added 2025/03/08 10:22 p.m., 8 views

Advisory ROSA-SA-2025-2774

Software: kernel kernel OS: ROSA Virtualization 3.0 packageevrstring: kernel-kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2024-1086 BDU-ID: 2024-01187 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nft_verdict_init function in the net/netfilter/nf_tables_api.c module of the Linux operating system...

CVSS 7.8 | AI score 8.5 | EPSS 0.85264
Exploits 15

Rosalinux
added 2025/01/27 10:34 a.m., 13 views

Advisory ROSA-SA-2025-2579

software: suricata 6.0.20 WASP: ROSA-CHROME packageevrstring: suricata-6.0.20-2 CVE-ID: CVE-2024-45796 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Suricata allows an attacker to cause a failure in the reassembly of traffic fragments. CVE-STATUS: The vulnerability has been resolved...

CVSS 5.3 | AI score 6.7 | EPSS 0.00244
Exploits 0

Rosalinux
added 2024/12/17 8:5 a.m., 12 views

Advisory ROSA-SA-2024-2543

software: trousers 0.3.14 WASP: ROSA-CHROME packageevrstring: trousers-0.3.14-5 CVE-ID: CVE-2020-24332 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in TrouSerS: Vulnerability to create system.data files when running the tcsd daemon with root privileges. CVE-STATUS: The vulnerability has...

CVSS 5.5 | AI score 6.8 | EPSS 0.00188
Exploits 1

Rosalinux
added 2024/07/31 9:46 a.m., 20 views

Advisory ROSA-SA-2024-2459

Software: systemd 239 OS: ROSA Virtualization 2.1 packageevrstring: systemd-239 CVE-ID: CVE-2018-21029 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: systemd accepts any certificate signed by a trusted certificate authority for DNS Over TLS. No server name indication SNI is sent, and there is no...

CVSS 9.8 | AI score 7.1 | EPSS 0.05624
Exploits 5

OSV
added 2024/01/24 12:15 a.m., 15 views

CVE-2024-0804

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 4.8
Exploits 0 | References 4

Rosalinux
added 2023/08/29 12:18 p.m., 20 views

Advisory ROSA-SA-2023-2224

software: mosquitto 2.0.15 WASP: ROSA-CHROME packageevrstring: mosquitto-2.0.15-2.src.rpm CVE-ID: CVE-2021-34431 BDU-ID: 2022-01775 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet without will topic, will message i...

CVSS 7.5 | AI score 6.7 | EPSS 0.0037
Exploits 1

Rosalinux
added 2023/06/27 9:16 a.m., 33 views

Advisory ROSA-SA-2023-2176

Software: git 1.8.3.1 OS: rosa-server79 packageevrstring: git-1.8.3.1-25.res7 CVE-ID: CVE-2023-25652 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Up to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1 by submitting specially crafted input for git app...

CVSS 7.8 | AI score 7.5 | EPSS 0.03559
Exploits 2

Rosalinux
added 2023/05/03 11:17 a.m., 58 views

Advisory ROSA-SA-2023-2161

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the ap_rwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...

CVSS 9.8 | AI score 8.8 | EPSS 0.67011
Exploits 6

Adobe
added 2022/10/11 12:0 a.m., 60 views

APSB22-48: Security updates available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a critical and medium vulnerability. Successful exploitation could lead to arbitrary code execution and security feature bypass...

AI score 6.5
Exploits 0 | Affected Software 2