6340 matches found
CVE-2024-5805
Improper Authentication vulnerability in Progress MOVEit Gateway SFTP modules allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0...
CVE-2024-36435
An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards and CMM6 modules. An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC...
PT-2025-5698 · Wasmvm · Wasmvm
Name of the Vulnerable Software and Affected Versions: wasmvm versions 2.2.0 through 2.2.1; wasmvm versions 2.1.0 through 2.1.4; wasmvm versions 2.0.0 through 2.0.5; wasmvm versions prior to 1.5.8. Description: The issue can be used to crash the chain and is present on both permissioned and...
Malicious code in safe-modules (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 8910830c20437fe0cdc2496ec1c70717d8b37ebfb5d3682d94e64492d5265f9d. Any computer that has this package installed or running should be considered...
MAL-2025-1230 Malicious code in safe-modules (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 8910830c20437fe0cdc2496ec1c70717d8b37ebfb5d3682d94e64492d5265f9d. Any computer that has this package installed or running should be considered...
SUSE-SU-2025:20108-1 Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues: - Make sure the correct FW package is installed on non-CUDA. - only obsolete 555 CUDA driver/firmware packages - For CUDA: update version to 565.57.01 - Add 'dummy' firmware package on SLE to work around update issues. On...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2025:0327-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0327-1 advisory. New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the...
Arbitrary Code Execution
Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Arbitrary Code Execution in the importmodules function, which can import arbitrary built-in modules such a...
CVE-2024-44055
Server-Side Request Forgery (SSRF) vulnerability in brandexponents Oshine Modules oshine-modules. This issue affects Oshine Modules: from n/a through 3.3.8...
CVE-2024-44055 WordPress Oshine Modules plugin < 3.3.6 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in brandexponents Oshine Modules oshine-modules. This issue affects Oshine Modules: from n/a through 3.3.8...
CVE-2024-44055
CVE-2024-44055 is an SSRF vulnerability in the WordPress Oshine Modules plugin. Public details in Connected docs show the issue affects Oshine Modules and was fixed in version 3.3.8 (patched). Affected components: NotFound Oshine Modules; root cause described as unauthenticated SSRF. Remediation...
WordPress plugin Oshine Modules code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. A code issue vulnerability exists...
PT-2025-2672 · Unknown · Oshine Modules
Name of the Vulnerable Software and Affected Versions: Oshine Modules (affected versions not specified). Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This type of vulnerability allows an attacker to trick the server into making requests to...
GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...
Cross-site Scripting (XSS)
pscontactinfo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...
GO-2025-3424 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 in github.com/Xe/x
Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 in github.com/Xe/x. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
SUSE SLES15 Security Update : podman (SUSE-SU-2025:0267-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0267-1 advisory. - CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause...
Security Bulletin: cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl Vulnerability Affects IBM Data Observability by Databand (CVE-2024-6119)
Summary: A vulnerability in cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl was addressed in IBM Data Observability by Databand. Vulnerability Details: CVEID: CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g.,...
Security Bulletin: IBM Data Product Hub uses Node.js axios & elliptic modules which are vulnerable (CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461)
Summary: IBM Data Product Hub has dependencies on Node.js axios & elliptic modules which are vulnerable (CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461). This bulletin contains information regarding the vulnerabilities and their fixes. Vulnerability Details: CVEID: CVE-2024-42461...