3087 matches found

RedHat Linux
added 2025/04/02 1:6 p.m. · 18 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.15.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

CVSS 7.5 · AI score 7.1 · EPSS 0.00908
Exploits: 0 · References: 63

Snyk
added 2025/03/31 10:36 p.m. · 2 views

Directory Traversal

Overview: aws-sam-cli (AWS SAM CLI) is a CLI tool for local development and testing of Serverless applications. Affected versions of this package are vulnerable to Directory Traversal through the symlink handling process. After completing a build, the content of those symlinks is copied to the...

CVSS 6.9 · AI score 7.4 · EPSS 0.00544
Exploits: 0 · References: 2

OSV
added 2025/03/31 4:2 p.m. · 6 views

CGA-WQ7P-WH7Q-RQV5

Bulletin has no description...

CVSS 4.4 · AI score 7.2 · EPSS 0.0035
Exploits: 2

Snyk
added 2025/03/23 8:45 a.m. · 5 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to improper neutralization of user input. An attacker can exploit this by...

CVSS 8.8 · AI score 7.5
Exploits: 0 · References: 2

Snyk
added 2025/03/20 12:32 p.m. · 3 views

Origin Validation Error

Overview: agentscope is AgentScope, "A Flexible yet Robust Multi-Agent Platform". Affected versions of this package are vulnerable to Origin Validation Error due to the CORS configuration on the server. An attacker can access unauthorized data and disclose information by sending requests from...

CVSS 9.8 · AI score 6.7 · EPSS 0.00263
Exploits: 1 · References: 2

Tenable Nessus
added 2025/03/20 12:0 a.m. · 15 views

Drupal 10.3.x < 10.3.14 / 10.4.x < 10.4.5 / 11.x < 11.0.13 / 11.1.x < 11.1.5 Drupal Vulnerability (SA-CORE-2025-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.3.x prior to 10.3.14, 10.4.x prior to 10.4.5, 11.x prior to 11.0.13, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability. - Improper Neutralization of Input During Web Page...

CVSS 5.4 · AI score 5.7 · EPSS 0.004
Exploits: 0 · References: 6

Tenable Nessus
added 2025/03/04 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-9168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25. (CVE-2017-9168) Note that Nessus relies on t...

CVSS 9.8 · AI score 8.4 · EPSS 0.01878
Exploits: 0 · References: 3

OSV
added 2025/02/27 3:15 a.m. · 0 views

UBUNTU-CVE-2024-49570

In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF. The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format") exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding...

CVSS 7.8 · AI score 6.5 · EPSS 0.00205
Exploits: 0 · References: 9

OSV
added 2025/02/26 7:0 a.m. · 1 views

DEBIAN-CVE-2022-49107

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error. Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false...

CVSS 5.5 · AI score 5.3 · EPSS 0.00229
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/26 1:54 a.m. · 0 views

CVE-2022-49107 ceph: fix memory leak in ceph_readdir when note_last_dentry returns error

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error. Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false...

AI score 6.1 · EPSS 0.00229
Exploits: 0 · References: 5

CNNVD
added 2025/02/26 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the ceph_readdir function not resetting last_readdir when note_last_dentry returns an error, which could lead to a...

CVSS 5.5 · AI score 5.4 · EPSS 0.00229
Exploits: 0 · References: 6

Patchstack
added 2025/02/19 11:29 p.m. · 3 views

WordPress Gift Cards plugin <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates vulnerability

Missing Authorization to Unauthenticated Price, Date, and Note Updates vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Gift Vouchers (versions <= 4.4.9)...

CVSS 5.3 · AI score 7 · EPSS 0.00289
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/02/18 12:0 a.m. · 3 views

PT-2025-7782 · Red Os · Red Os

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns permission checks in Feedback activities, where restrictions related to Separate Groups mode were not properly considered before allowing users to view or delete responses...

CVSS 6.5 · AI score 6.8 · EPSS 0.00301
Exploits: 0 · References: 18

RedhatCVE
added 2025/02/09 10:29 p.m. · 7 views

CVE-2024-55630

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 5.5 · AI score 6.5 · EPSS 0.00313
Exploits: 1 · References: 1

NVD
added 2025/02/07 11:15 p.m. · 9 views

CVE-2024-55630

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 5.5 · EPSS 0.00313
Exploits: 1 · References: 3

Cvelist
added 2025/02/07 10:38 p.m. · 11 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

CVSS 7.8 · EPSS 0.00438
Exploits: 1 · References: 4

Vulnrichment
added 2025/02/07 10:38 p.m. · 12 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

CVSS 7.8 · AI score 7.8 · EPSS 0.00438
Exploits: 1 · References: 4

Cvelist
added 2025/02/07 10:23 p.m. · 10 views

CVE-2024-55630 DOM Clobbering leads to temporary DOS in the note viewer in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 3.3 · EPSS 0.00313
Exploits: 1 · References: 3

CNNVD
added 2025/02/07 12:0 a.m. · 2 views

Joplin cross-site scripting vulnerability

Joplin is an open source notes and to-do list application by Laurent Cozic, an individual developer. Joplin suffers from a cross-site scripting vulnerability that stems from not escaping HTML entities when adding a note title and the lack of a strict Content-Security-Policy, resulting in the...

CVSS 7.8 · AI score 6.1 · EPSS 0.00438
Exploits: 1 · References: 5

RedhatCVE
added 2025/02/05 7:53 a.m. · 5 views

CVE-2024-41819

Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...

CVSS 8.7 · AI score 5.5 · EPSS 0.00777
Exploits: 4 · References: 1