17 matches found

Hewlett-Packard
added 2026/04/14 12:0 a.m. · 4 views

HP System Optimizer - Escalation of Privilege

HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. HP has identified affected versions and the minimum version 1101.2603 that mitigates the potential vulnerability...

CVSS 7.3 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · Affected Software: 1

OSSF Malicious Packages
added 2025/11/12 4:29 a.m. · 4 views

Malicious code in kaus-umbra-dotenv-safe-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bb7c8de543f5e9ad796c6b27d6f2de5bb8f1d974f1f4ee10a094e731139c606 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m. · 2 views

EUVD-2025-111956

Malicious code in kaus-umbra-dotenv-safe-version npm...

AI score 6.6
Exploits: 0

OSV
added 2025/11/12 4:29 a.m. · 3 views

MAL-2025-144157 Malicious code in kaus-umbra-dotenv-safe-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bb7c8de543f5e9ad796c6b27d6f2de5bb8f1d974f1f4ee10a094e731139c606 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-50306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from...

CVSS 9.1 · AI score 7.4 · EPSS 0.0082
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:51 p.m. · 3 views

CVE-2022-30885

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2...

CVSS 9.8 · AI score 6.9 · EPSS 0.0102
Exploits: 1 · References: 1

NVD
added 2025/03/21 3:15 p.m. · 22 views

CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...

CVSS 9.1 · EPSS 0.92118
Exploits: 55 · References: 8

Vulnrichment
added 2025/03/21 2:34 p.m. · 32 views

CVE-2025-29927 Authorization Bypass in Next.js Middleware

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to ...

CVSS 9.1 · AI score 6.9 · EPSS 0.92118
Exploits: 55 · References: 5

RedhatCVE
added 2025/03/15 2:53 a.m. · 6 views

CVE-2025-26865

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only...

CVSS 3.5 · AI score 6.8 · EPSS 0.00401
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:9 a.m. · 11 views

CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next....

CVSS 7.5 · AI score 7.3 · EPSS 0.49062
Exploits: 3

Positive Technologies
added 2024/10/08 12:0 a.m. · 3 views

PT-2024-6887 · Adobe · Lightroom Desktop

Name of the Vulnerable Software and Affected Versions: Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass...

CVSS 5.5 · AI score 6.4 · EPSS 0.00043
Exploits: 0 · References: 8

Positive Technologies
added 2022/10/11 12:0 a.m. · 1 views

PT-2022-37340 · Pypi · Democritus-Csv +1

Name of the Vulnerable Software and Affected Versions: d8s-ip-addresses version 0.1.0 Description: The d8s-ip-addresses package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-csv package, which was inserted by a third party. Recommendations:...

CVSS 9.8 · AI score 7.2
Exploits: 0 · References: 4

Node.js
added 2021/05/10 6:48 p.m. · 50 views

Regular Expression Denial of Service

Overview: All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. Recommendation: Avoid using dat.gui as there is no current safe version of this module. References: - CVE - GitHub Advisory...

CVSS 5 · AI score 5.2 · EPSS 0.00554
Exploits: 1 · Affected Software: 1

F5 Networks
added 2014/11/27 12:0 a.m. · 42 views

SOL15875 - cURL vulnerability CVE-2013-1944

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

CVSS 5 · AI score 2.1 · EPSS 0.02482
Exploits: 1 · References: 5

OSV
added 2014/06/05 8:55 p.m. · 5 views

CVE-2014-3967

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors...

AI score 5.9
Exploits: 0 · References: 10

Tenable Nessus
added 2012/06/13 12:0 a.m. · 58 views

Mac OS X : Java for Mac OS X 10.6 Update 9

The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 9, which updates the Java version to 1.6.0_33. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...

CVSS 10 · AI score 8.1 · EPSS 0.94083
Exploits: 9 · References: 13

securityvulns
added 2003/08/14 12:0 a.m. · 34 views

BBCode XSS in XOOPS CMS

Informations : Language : PHP Bugged Versions : 1.3.x and less + 2.0.x and less ? not checked Safe Version : 2.0.3 Website : http://www.xoops.org Problem : BBcode XSS PHP Code/Location : This hole can be used in modules : - Private Messages - News - NewBB forum...

AI score 7
Exploits: 0