CVE-2025-15029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...

EUVD-2026-0851

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...

EUVD-2026-0871

Missing Authorization vulnerability in Centreon Infra Monitoring Administration parameters API endpoint modules allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring...

PT-2026-1289

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 24.04.0 through 24.04.3 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 25.10.0 through 25.10.2 Description A flaw exists in Centreon Infra Monitoring Awie export...

PT-2026-1287

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 25.10.0 through 25.10.0 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 24.04.0 through 24.04.7 Description The software contains an Improper Neutralization of...

Scapy Packet Manipulation Tool 2.7.0

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answe...

PT-2026-25385

Name of the Vulnerable Software and Affected Versions SimpleEval versions prior to 1.0.5 Description SimpleEval is a Python library used for adding evaluatable expressions to projects. Before version 1.0.5, the library allowed dangerous modules to be accessed directly within the sandbox. This...

PT-2026-28316

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x, 22.x, 24.x and v25.x Description A flaw in Node.js HTTP request handling results in an uncaught TypeError when a request includes a header named proto and the application accesses req.headersDistinct. Specifically, dest"...

PT-2026-23621

Name of the Vulnerable Software and Affected Versions util-linux affected versions not specified Description An access control bypass exists due to improper hostname canonicalization. This issue affects the 'login -h' command and can lead to incorrect access control. The fix ensures correct acces...

WordPress Supreme Modules Lite plugin <= 2.5.52 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Supreme Modules Lite versions = 2.5.52...

SUSE-SU-2026:20036-1 Security update for dpdk

This update for dpdk fixes the following issues: Update to version 22.11.10. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver PMD allows an attacker on a VM in the system to leak information and cause a denial of service on the network interface bsc1254161. Other updates and...

CVE-2023-54255

CVE-2023-54255 affects the Linux kernel with SH3/SH4/SH4A DMAC implementations. The vulnerability arises from incorrect DMA channel offset calculations when multiple DMA channels are distributed across up to two DMAC modules, which can trigger kernel panics. The described fix rewrites dma_base_ad...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android

Khora Exploit Framework v2.0 ============================ Mod...

CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

EUVD-2025-205451

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

openSUSE 16 Security Update : cheat (openSUSE-SU-2025:20177-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20177-1 advisory. - Security: CVE-2025-47913: Fix client process termination bsc1253593 CVE-2025-58181: Fix potential unbounded memory consumption bsc1253922...