19 matches found
CVE-2025-69647 affecting package binutils for versions less than 2.41-11
CVE-2025-69647 affecting package binutils for versions less than 2.41-11. A patched version of the package is available...
RLSA-2026:6439 Important: libpng15 security update
The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. Security Fixes: libpng: LIBPNG has a heap buffer overflow i...
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1. A patched version of the package is available...
PT-2026-4299
Name of the Vulnerable Software and Affected Versions Dragonfly versions 2.4.1-rc.0 through 2.4.1-rc.0 Dragonfly versions 2.x Description Dragonfly Manager's Job API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs. This could lead to...
CoreDNS security vulnerability
CoreDNS is a DNS server for the CoreDNS community. A security vulnerability exists in versions of CoreDNS prior to 1.14.0, which stems from a lack of resource limiting controls and could lead to memory exhaustion and service crashes...
GNU Privacy Guard 2.4.9
GnuPG, the GNU Privacy Guard or GPG, is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
Mozilla Firefox ESR < 31.3
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 31.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2014-90 advisory. - jemalloc poisoning plus Apple uninitialized variable usage triggers keylogging in /tmp/ on OSX 10.10 (CVE-2014-1595)...
EUVD-2024-55053
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated...
CVE-2016-15053 Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the "My Reports" listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-55745
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...
Linux Distros Unpatched Vulnerability : CVE-2022-22751
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...
PT-2024-16674 · Devolutions · Devolutions Dvls
Name of the Vulnerable Software and Affected Versions: Devolutions DVLS versions 2024.3.7 and earlier Description: The issue is related to improper access control in the Password History feature, allowing a malicious authenticated user to obtain sensitive data due to faulty permission. The...
SUSE CVE-2022-23583
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...
CVE-2022-42733
A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s...
PT-2022-3775 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.29 and prior Description: The issue is related to the Server: Federated component of Oracle MySQL Server and is caused by errors in resource release. It allows a high-privileged attacker with network access vi...
AZL-44262 CVE-2021-30465 affecting package buildah for versions less than 1.41.4-2
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
Fedora 25 : libdb (2017-372bb1edb3)
Security fix for DBCONFIG parsing when dbhome is not set. This update also introduces modified fixes for rhbz1394862 once again and additionally fixes ppc specific hangs described in rhbz1460003. Please be aware that this update is expected to cause DBVERSIONMISMATCH errors during installation if...