112 matches found
Flowise 3.0.6 JS Parsing Injection
A JavaScript parsing injection vulnerability exists in Flowise versions prior to 3.0.6 and greater than 2.2.7-patch.1. Title: Flowise 3.0.6 JS Parsing...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC python from flask import Flask, redirect app = Flasknam...
SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP7) (SUSE-SU-2025:03572-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03572-1 advisory. This update for the Linux Kernel 6.4.0-1506002347 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched:...
EUVD-2017-5506
Malware in sbrugna...
EUVD-2021-9677
Malicious code in bioql PyPI...
CVE-2025-48990
NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in rtcopymemory, which unconditionally wrote a null terminator at dstlen. When len equals the size of the destination buffer 256 bytes, that extra '\0' write overruns the buffer by one byte. To avo...
SUSE-SU-2024:3626-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free (bsc#1228349)...
SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:2488-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2488-1 advisory. This update for the Linux Kernel 5.14.21-150500557 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed...
SUSE-SU-2024:2094-1 Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500135 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222118). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify (bsc#1223059)...
Release Information for Veeam Backup for Microsoft Azure 6 Patch 1
Requirements: Please confirm that you are running version Veeam Backup for Microsoft Azure 6 build 6.0.0.234 or later before upgrading. You can find the currently installed build number (Server version) in the About section under Configuration | Support Information | Updates. After installing Veeam...
Release Information for Veeam Backup for Google Cloud 5 Patches
Requirements: Please confirm that you are running version Veeam Backup for Google Cloud 5 build 5.0.0.1297 or later before upgrading. You can find the currently installed build number (Server version) in the About section under Configuration | Support Information | Updates. After installing Veeam...
openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) (SUSE-SU-2023:3055-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for the Linux Kernel (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2023:3659-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP4) (SUSE-SU-2023:4201-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4201-1 advisory. - A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release security update
Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
PT-2023-14286 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions Quebec prior to Patch 10 Hot Fix 8b ServiceNow versions Rome prior to Patch 10 Hot Fix 1 ServiceNow versions San Diego prior to Patch 7 ServiceNow versions Tokyo prior to Tokyo Patch 1 ServiceNow versions Utah prior to Uta...
CVE-2023-33009
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50W firmware versions 4.60 through 5.36 Patch 1, USG20W-VPN firmware versions 4.60 through 5.36 Patch...
Zyxel USG < 5.36 / ATP < 5.36 / VPN < 5.36 / ZyWALL < 4.73 Patch 1 (RCE) (CVE-2023-28771)
Firmware version of the Zyxel USG, ATP, or VPN is less than 5.36 or the version of Zyxel ZyWall is less than 4.73 Patch 1. This Zyxel device firmware contains improper error message handling logic which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafte...
Release Information for Veeam Backup for Google Cloud 4 Patch 1
Requirements: Before installing this patch, please confirm that you are running Veeam Backup for Google Cloud 4 build 4.0.0.1072. You can check your build number under Configuration | Support Information | About | Server version by clicking the gear icon at the top-right corner of the main menu in...
AZL-43480 CVE-2023-25563 affecting package gssntlmssp 0.9.0-2
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...