8321 matches found

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-2634 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins affected versions not specified Description: The issue concerns a path traversal vulnerability. This could allow operators to download files from a local repository that is vulnerable to path traversal attacks...

5.3 CVSS · 6.8 AI score · 0.00153 EPSS
Exploits: 0 · References: 6

Vulnrichment
added 2025/01/21 11:9 a.m. · 9 views

CVE-2024-13230 Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.14 - Unauthenticated Limited SQL Injection via 'SuperSocializerKey'

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of...

5.3 CVSS · 8 AI score · 0.00423 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/01/21 12:0 a.m. · 29 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2025-1119)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain...

9.9 CVSS · 7.4 AI score · 0.16496 EPSS
Exploits: 0 · References: 2

RedHat Linux
added 2025/01/20 12:54 p.m. · 6 views

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.1 release.

Red Hat Developer Hub 1.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single pa...

8.8 CVSS · 6.6 AI score · 0.00856 EPSS
Exploits: 0 · References: 9

Tenable Nessus
added 2025/01/18 12:0 a.m. · 5 views

FreeBSD : age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution (d9b0fea0-d564-11ef-b9bc-d05099c0ae8c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d9b0fea0-d564-11ef-b9bc-d05099c0ae8c advisory. Filippo Valsorda reports: A plugin name containing a path separator may allow an attacker to execute an...

6 AI score
Exploits: 0 · References: 2

NVD
added 2025/01/16 9:15 p.m. · 3 views

CVE-2025-23795

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghuger Easy FAQs easy-faqs allows Stored XSS. This issue affects Easy FAQs: from n/a through <= 3.2.1...

6.5 CVSS · 0.00354 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/16 8:7 p.m. · 3 views

CVE-2025-23795 WordPress Easy FAQs plugin <= 3.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghuger Easy FAQs easy-faqs allows Stored XSS. This issue affects Easy FAQs: from n/a through <= 3.2.1...

6.5 CVSS · 7.2 AI score · 0.00354 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 4 views

PT-2025-5095 · Gold Plugins · Gold Plugins Easy Faqs

Name of the Vulnerable Software and Affected Versions: Gold Plugins Easy FAQs versions prior to 3.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject maliciou...

6.5 CVSS · 9.2 AI score · 0.00354 EPSS
Exploits: 0 · References: 3

vulnersOsv
added 2025/01/15 6:56 p.m. · 6 views

com.planonsoftware.app:com.planonsoftware.app.gradle.plugin (=0.0.1), com.planonsoftware:gradle.development.environment.plugin (=0.0.1) +28 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=5.0.0.Alpha1 <=5.0.5.Final)

org.jboss.resteasy:resteasy-multipart-provider MAVEN version =5.0.0.Alpha1, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.27.1, =0.27.1, =9.5.7, =3.5.0, =0.7.6, =0.7.6, =0.7.6, =0.7.2, =4.1.5, =4.7.2 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8...

5.5 CVSS · 6.7 AI score · 0.00819 EPSS
Exploits: 0

CBLMariner
added 2025/01/14 12:27 a.m. · 12 views

CVE-2024-45338 affecting package cni-plugins for versions less than 1.3.0-7

CVE-2024-45338 affecting package cni-plugins for versions less than 1.3.0-7. A patched version of the package is available...

5.3 CVSS · 5.6 AI score · 0.00856 EPSS
Exploits: 0

OSV
added 2025/01/13 11:51 a.m. · 2 views

USN-7200-1 roundcube vulnerability

It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrary files on the host’s file system...

7.8 CVSS · 5.9 AI score · 0.42831 EPSS
Exploits: 5 · References: 2

OpenVAS
added 2025/01/13 12:0 a.m. · 10 views

SUSE: Security Advisory (SUSE-SU-2025:0069-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 7 AI score · 0.01298 EPSS
Exploits: 2 · References: 10

Tenable Nessus
added 2025/01/13 12:0 a.m. · 9 views

Ubuntu 16.04 LTS : Roundcube vulnerability (USN-7200-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7200-1 advisory. It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrar...

7.8 CVSS · 7.9 AI score · 0.42831 EPSS
Exploits: 5 · References: 2

OpenVAS
added 2025/01/13 12:0 a.m. · 15 views

SUSE: Security Advisory (SUSE-SU-2025:0067-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 7.2 AI score · 0.01344 EPSS
Exploits: 1 · References: 25

OpenVAS
added 2025/01/13 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2025:0064-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 7.2 AI score · 0.01344 EPSS
Exploits: 1 · References: 25

Tenable Nessus
added 2025/01/13 12:0 a.m. · 11 views

SUSE SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2025:0063-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0063-1 advisory. - CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 - CVE-2024-47537: Fixed an out-of-bounds write in...

9.8 CVSS · 7 AI score · 0.01344 EPSS
Exploits: 1 · References: 58

OpenVAS
added 2025/01/13 12:0 a.m. · 17 views

SUSE: Security Advisory (SUSE-SU-2025:0063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 7.2 AI score · 0.01344 EPSS
Exploits: 0 · References: 22

Tenable Nessus
added 2025/01/11 12:0 a.m. · 14 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-base (SUSE-SU-2025:0065-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0065-1 advisory. - CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket. bsc1234415 ...

9.8 CVSS · 7.2 AI score · 0.01298 EPSS
Exploits: 2 · References: 22

Tenable Nessus
added 2025/01/11 12:0 a.m. · 32 views

SUSE SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2025:0064-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0064-1 advisory. - CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 - CVE-2024-47537: Fixed an out-of-bounds...

9.8 CVSS · 7 AI score · 0.01344 EPSS
Exploits: 1 · References: 67

Tenable Nessus
added 2025/01/11 12:0 a.m. · 30 views

SUSE SLES15 Security Update : gstreamer-plugins-good (SUSE-SU-2025:0067-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0067-1 advisory. - CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. boo1234421 - CVE-2024-47537: Fixed an out-of-bounds...

9.8 CVSS · 7 AI score · 0.01344 EPSS
Exploits: 1 · References: 67