Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue CVE-2026-23066 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extr...

Google Chrome Security Update (stable-channel-update-for-desktop-2025-12) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Fedora: Security Advisory (FEDORA-2025-33885cfff8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

XWiki 1.6 < 15.10.16, 16.0.0 < 16.4.6, 16.5.0 < 16.10.1 SQLi Vulnerability (GHSA-g9jj-75mx-wjcx)

Xwiki is prone to a SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56785)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56785 advisory. - In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe...

CBL Mariner 2.0 Security Update: avahi (CVE-2023-38472)

The version of avahi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38472 advisory. - A vulnerability was found in Avahi. A reachable assertion exists in the avahirdataparse function...

Wireshark Security Update (wnpa-sec-2023-28) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

PT-2024-27250 · Intel · Intel Vtune Profiler

Name of the Vulnerable Software and Affected Versions: IntelR VTuneTM Profiler versions prior to 2024.2.0 Description: The issue is related to improper input validation, which may allow an authenticated user to potentially enable denial of service via local access. Recommendations: For versions...

CVE-2024-3866

CVE-2024-3866 refers to the Ninja Forms Contact Form plugin for WordPress, vulnerable up to version 3.8.15. The issue is a Reflected Self-Based Cross-Site Scripting via the Referer header caused by insufficient input sanitization and output escaping. It can allow unauthenticated attackers to inje...

PT-2024-28105 · WordPress · Ninja Forms Contact Form

Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form plugin for WordPress versions up to, and including, 3.8.15 Description: The issue is related to Reflected Self-Based Cross-Site Scripting via the 'Referer' header due to insufficient input sanitization and output...

CVE-2022-21660 Missing authorization in gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds...

Information disclosure

A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the security policy in place...

Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

Overview The Syslink driver for OMAP mobile processors contained in Android devices contain mulitple improper data validation vulerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP...