97 matches found
EUVD-2026-36126
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...
CVE-2018-25316
CVE-2018-25316 affects Tenda W308R v2 (firmware V5.07.48). The issue is a cookie session weakness where insufficient session validation allows unauthenticated attackers to modify DNS settings via the goform/AdvSetDns endpoint by sending a crafted admin language cookie, enabling DNS changes that r...
Virtuozzo Infrastructure 7.2 Hotfix 2 (7.2.0-258) (formerly Virtuozzo Hybrid Infrastructure)
This update delivers important stability fixes and includes a product name change. Vulnerability id: VSTOR-122117 Improved monitoring and dashboard responsiveness on large clusters by optimizing metric caching. Vulnerability id: VSTOR-124715 Updates could fail on nodes with floppy drives...
CVE-2016-10861
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password...
SUSE CVE-2025-34430
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
CVE-2025-34430
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
CVE-2025-65032 Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...
CVE-2025-65032
Rallly is affected by an Insecure Direct Object Reference (IDOR) vulnerability in the Participant Display Name Modification feature. Prior to version 4.5.4, any authenticated user could change another participant’s display name by manipulating the participantId parameter in a rename request, comp...
Impact of Domain name or Hostname Change on Veeam Appliances
Challenge: After changing the FQDN of a Veeam Appliance--either by adding it to a domain or changing its hostname--some operations may be impacted. Solution: SAML Authentication May Stop Working: After the host name of the Veeam Software Appliance is changed, the Service Provider (SP) information will...
EUVD-2017-16551
Malware in sbrugna...
EUVD-2025-27496
Malicious code in bioql PyPI...
EUVD-2024-47242
Malicious code in bioql PyPI...
EUVD-2024-17624
Malicious code in bioql PyPI...
CVE-2025-39896
CVE-2025-39896 (Linux kernel, open-source) The vulnerability affects the ivpu driver in the kernel’s accel path. It arises from recovery work being queued during device removal, potentially allowing use-after-free if recovery code accesses freed resources. The fix replaces cancel_work_sync() with...
Security update for regionServiceClientConfigGCE
This update for regionServiceClientConfigGCE contains the following fixes: Update to version 5.0.0. bsc1246995 SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. Update conditional to handle name change of metadata package in...
SUSE-SU-2025:03170-1 Security update for regionServiceClientConfigEC2
This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency to accommodate metadata binary package...
SUSE SLES15 / openSUSE 15 Security Update : regionServiceClientConfigGCE (SUSE-SU-2025:03119-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03119-1 advisory. This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 5.0.0 bsc1246995 - SLE 16...
SUSE SLES15 / openSUSE 15 Security Update : regionServiceClientConfigEC2 (SUSE-SU-2025:03118-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03118-1 advisory. This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 - SLE 16...
SUSE-SU-2025:03118-1 Security update for regionServiceClientConfigEC2
This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency to accommodate metadata binary package...
CVE-2024-6086
In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify...