DEBIAN-CVE-2025-1152
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
UBUNTU-CVE-2025-1150
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...
PT-2025-6076 · Unknown · Cool-Admin-Java
Name of the Vulnerable Software and Affected Versions: cool-admin-java version v1.0. Description: A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the...
PT-2025-6077
Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43. Description: A memory leak issue has been found in the xstrdup function of the ld component. This issue can be exploited remotely, but the complexity of an attack is rather high, and the exploitability is difficult. Th...
Azure Linux 3.0 Security Update: emacs (CVE-2024-30203)
The version of emacs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30203 advisory. - In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) Note that Nessus has not...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42102)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42102 advisory. - In the Linux kernel, the following vulnerability has been resolved: Revert mm/writeback: fix possible...
Photon OS 4.0: Linux PHSA-2025-4.0-0742
An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0742. The text itself is copyright (C) VMware, Inc.
CVE-2022-35936
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccount function, all contracts that used the identical bytecod...
CVE-2024-43367
Boa is an embeddable and experimental JavaScript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Boa's implementation of AsyncGenerator...
CVE-2024-45051
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
CVE-2025-24971
DumbDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, /upload/init endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely wh...
CVE-2025-24971
DumbDrop is affected by an OS Command Injection in the /upload/init endpoint. The vulnerability can allow remote code execution when Apprise Notification is enabled. The issue is addressed in commit 4ff8469d and users are advised to patch. No public exploitation details are provided in the docume...
Important: bind
Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...
PT-2025-2152 · WordPress · Frictionless
Name of the Vulnerable Software and Affected Versions: Frictionless plugin for WordPress versions up to, and including, 0.0.23 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the frictionless form shortcode. This allows...
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS is vulnerable to a denial of service due to OpenSSL(CVE-2024-6119)
Summary: The DataDirect ODBC driver shipped with IBM App Connect Enterprise and IBM Integration Bus for z/OS is vulnerable to a denial of service due to OpenSSL. Vulnerability Details: CVEID: CVE-2024-6119. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing...
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring...
PT-2025-5115 · Unknown · Mhr-Custom-Anti-Copy
Name of the Vulnerable Software and Affected Versions: MHR-Custom-Anti-Copy versions n/a through 2.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, a...
CVE-2024-13153 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CBL Mariner 2.0 Security Update: avahi (CVE-2023-38469)
The version of avahi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38469 advisory. - A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record...