Lucene search

5552 matches found

EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2025-21513

Malicious code in bioql PyPI...

CVSS 3.7 | AI score 7.6 | EPSS 0.00299
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-18832

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00188
Exploits: 0 | References: 1

OSV
added 2025/10/03 7:56 p.m. | 12 views

RLSA-2025:7497 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API CVE-2024-52316 tomcat: Apache Tomcat: DoS in examples web application CVE-2024-54677 tomcat: Potentia...

CVSS 8.6 | AI score 7.1 | EPSS 0.99945
Exploits: 46 | References: 4

Rockylinux
added 2025/10/03 7:56 p.m. | 10 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

CVSS 10 | AI score 6.4 | EPSS 0.99945
Exploits: 46

Rockylinux
added 2025/10/03 7:56 p.m. | 10 views

tomcat9 security update

An update is available for tomcat9. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tomcat is the servlet container that is used in the official Reference...

CVSS 10 | AI score 6.4 | EPSS 0.99945
Exploits: 45

Microsoft CVE
added 2025/10/02 6:11 a.m. | 7 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run o

...

CVSS 5.3 | AI score 7 | EPSS 0.02038
Exploits: 0

SUSE CVE
added 2025/10/01 11:32 p.m. | 2 views

SUSE CVE-2022-50434

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 size 512: comm "insmod", pid 308021, jiffies 4324277909 age 509.733s hex dump...

CVSS 2.3 | AI score 6.9 | EPSS 0.00164
Exploits: 0 | References: 8

Github Security Blog
added 2025/10/01 9:31 p.m. | 5 views

Django vulnerable to partial directory traversal via archives

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

CVSS 6.5 | AI score 6.9 | EPSS 0.00863
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2025/10/01 9:31 p.m. | 1 views

GHSA-Q95W-C7QG-HRFF Django vulnerable to partial directory traversal via archives

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

CVSS 3.1 | AI score 7.1 | EPSS 0.00863
Exploits: 0 | References: 8

OSV
added 2025/10/01 7:15 p.m. | 3 views

CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

CVSS 6.5 | AI score 6.9
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/01 6:25 p.m. | 6 views

CVE-2025-23292

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service UI component...

CVSS 4.6 | AI score 7.7 | EPSS 0.00196
Exploits: 0 | References: 1

OSV
added 2025/10/01 2:0 p.m. | 2 views

UBUNTU-CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

CVSS 6.5 | AI score 7.1 | EPSS 0.00863
Exploits: 0 | References: 3

Cvelist
added 2025/10/01 11:46 a.m. | 8 views

CVE-2023-53528 RDMA/rxe: Fix unsafe drain work queue code

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If createqp does not fully succeed it is possible for qp cleanup code to attempt to drain the send or recv work queues before the queues have been created causing a seg fault. This patch...

EPSS 0.00131
Exploits: 0 | References: 3

OSV
added 2025/10/01 11:46 a.m. | 4 views

CVE-2023-53528 RDMA/rxe: Fix unsafe drain work queue code

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If createqp does not fully succeed it is possible for qp cleanup code to attempt to drain the send or recv work queues before the queues have been created causing a seg fault. This patch...

CVSS 5.5 | AI score 6.4 | EPSS 0.00131
Exploits: 0 | References: 6

CVE
added 2025/10/01 12:0 a.m. | 35 views

CVE-2025-59682

The CVE-2025-59682 issue affects Django versions 4.2<4.2.25, 5.1<5.1.13, and 5.2

CVSS 6.5 | AI score 6.5 | EPSS 0.00863
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/10/01 12:0 a.m. | 5 views

PT-2025-40291

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.24 Django versions 5.1 through 5.1.12 Django versions 5.2 through 5.2.6 Description The django.utils.archive.extract function allows for potential directory traversal when handling archives with file paths that...

CVSS 7.1 | AI score 6.7 | EPSS 0.00863
Exploits: 0 | References: 27

AlpineLinux
added 2025/10/01 12:0 a.m. | 6 views

CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

CVSS 6.5 | AI score 6.9 | EPSS 0.00863
Exploits: 0

NVD
added 2025/09/30 6:15 p.m. | 5 views

CVE-2025-23292

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service UI component...

CVSS 4.6 | EPSS 0.00196
Exploits: 0 | References: 3

CVE
added 2025/09/30 5:55 p.m. | 16 views

CVE-2025-23292

Summary: CVE-2025-23292 affects NVIDIA Delegated Licensing Service (DLS) for all appliance platforms. The vulnerability is a SQL injection in the DLS component that could allow an attacker to perform an unauthorized action, with potential partial denial of service affecting the UI. The CVSSv3.1 ...

CVSS 4.6 | AI score 7.3 | EPSS 0.00196
Exploits: 0 | References: 3

CNNVD
added 2025/09/30 12:0 a.m. | 4 views

NVIDIA Delegated Licensing Service security vulnerability

NVIDIA Delegated Licensing Service is a licensing service from NVIDIA Corporation. A security vulnerability exists in NVIDIA Delegated Licensing Service, which stems from vulnerability to SQL injection attacks that could lead to a partial denial of service...

CVSS 4.6 | AI score 7.4 | EPSS 0.00196
Exploits: 0 | References: 3