PT-2025-40529
Name of the Vulnerable Software and Affected Versions: Qt versions 6.7.0 through 6.9.0, Qt6-svg, qtsvg-opensource-src. Description: The issue is a use-after-free condition within the Qt framework, specifically related to the parsing of SVG files. The renderPattern function and the SVG module are...
CVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...
CVE-2024-55931
CVE-2024-55931 affects Xerox Workplace Suite. It discloses that tokens are stored in sessionStorage, which could be exposed if a user’s session is compromised. The vulnerability’s impact includes Confidentiality loss (per CVSS: High; I/N/A: none). Root cause is storage of tokens in session st...
CVE-2023-32189
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys...
GO-2024-2984 Linkerd potential access to the shutdown endpoint in github.com/linkerd/linkerd2
Linkerd potential access to the shutdown endpoint in github.com/linkerd/linkerd2...
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3182-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3182-1 advisory. The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following...
Cross-site Scripting (XSS)
Activity Stream is vulnerable to cross-site scripting (XSS). It can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing potential access to other information available to the Activity Strea...
CVE-2019-11718
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...
Security Bulletin: IBM MQ Appliance potential access to queue manager private keys (CVE-2015-1985)
Summary: There is potential for malicious users to access IBM MQ Appliance queue manager private keys without requiring knowledge of the password. Vulnerability Details: CVEID: CVE-2015-1985 DESCRIPTION: IBM MQ Appliance M2000 could allow a malicious user with read authority to copied key repositor...
CVE-2017-9339
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars, potentially granting an attacker access to publicly shared calendars without knowing the share token...