42 matches found
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 8 vulnerabilities (USN-8330-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8330-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly...
CVE-2026-5531
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...
PT-2026-7972
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...
Security update for chromium (important)
openSUSE security update: security update for chromium. Announcement ID: openSUSE-SU-2026:20183-1; Rating: important; References: bsc1257650; Cross-References: CVE-2026-1861, CVE-2026-1862; Affected Products: openSUSE Leap 16.0...
CVE-2020-37161
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to...
CVE-2025-15532
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003928)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003928 advisory. The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on th...
CVE-2025-13063
A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed remotely. The exploit has been published and may be used. Multiple endpoints are affected...
Malicious code in user-trace-fingerprint (npm)
The package user-trace-fingerprint was found to contain malicious code. Source: ghsa-malware b54bd77b470e3a22898330418ebfb04770ae12aa0de66208968d637cca6c03f2 Any computer that has this package installed or running should be considered full...
TencentOS Server 4: binutils (TSSA-2025:0612)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0612 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-8824 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setRIP stack-based overflow
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched...
CVE-2025-5227
A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2025-3850
CVE-2025-3850 affects YXJ2018 SpringBoot-Vue-OnlineExam 1.0. The issue is described as improper authentication within the component API processing, enabling remote exploitation with high attack complexity and reported public disclosure. Multiple connected sources reiterate the vulnerability again...
CVE-2024-2572
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been...
LEDVANCE com.ledvance.smartplus.eu security vulnerability
LEDVANCE com.ledvance.smartplus.eu is a firmware program from LEDVANCE. A security vulnerability exists in LEDVANCE com.ledvance.smartplus.eu version 2.1.10, which originated from the inclusion of a vulnerability that could allow a remote attacker to obtain sensitive information through the...
PT-2024-38471 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A critical issue was found in the system, affecting the delete act.php file. The manipulation of the id argument leads to SQL injection. This issue can be...
PT-2024-23636 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue concerns a SQL injection vulnerability. It can be exploited via the "/admin/config ISCGroupSSLCert.php" API endpoint. This could potentially allow for remote attacks. Recommendations: For...
squid: Buffer over-read in the HTTP Message processing feature
A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service...
PT-2023-16935 · Xhcms · Xhcms
Name of the Vulnerable Software and Affected Versions: XHCMS version 1.0 Description: A critical issue has been found in the POST Parameter Handler component of the login.php file, where the manipulation of the user argument leads to SQL injection. This issue can be initiated remotely...
PT-2023-16632 · Sourcecodester · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best POS Management System version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file billing/index.php?id=9. The manipulation of the id argument leads to SQL...