Linux Distros Unpatched Vulnerability : CVE-2025-52926
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface. CVE-2025-52926 Note that Nessus relies...
Linux Distros Unpatched Vulnerability : CVE-2025-49175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leadi...
Linux Distros Unpatched Vulnerability : CVE-2021-3481
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While...
GHSA-RX7M-68VC-PPXH PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
Product: PhpSpreadsheet. Version: 3.8.0. CWE-ID: CWE-918: Server-Side Request Forgery (SSRF). CVSS vector v.3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). CVSS vector v.4.0: 8.7 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N). Description: SSRF occurs when a processed HTML document is read and...
SUSE-SU-2025:02968-1 Security update for libqt4
This update for libqt4 fixes the following issues: - CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654) - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298) - CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file...
Linux Distros Unpatched Vulnerability : CVE-2017-2818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large...
Linux Distros Unpatched Vulnerability : CVE-2019-7344
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the...
CVE-2025-38674
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dma_buf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NU...
Linux Distros Unpatched Vulnerability : CVE-2017-2814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing...
SUSE CVE-2025-38672
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dma_buf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes...
CVE-2025-38673 Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field...
CVE-2025-38669 Revert "drm/gem-shmem: Use dma_buf from GEM object instance"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dma_buf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field become...
[SECURITY] Fedora 41 Update: webkitgtk-2.48.5-1.fc41
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.2)
The version of AHV installed on the remote host is prior to AHV-10.0.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.2 advisory. - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper...
CVE-2025-55303
Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...
TencentOS Server 4: webkit2gtk4.1 (TSSA-2025:0672)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0672 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-55201
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
CVE-2025-51991
XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...
Linux Distros Unpatched Vulnerability : CVE-2024-42260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace...