CVE-2025-55705 EVMAPA Insufficient Session Expiration

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

CVE-2025-55705 EVMAPA Insufficient Session Expiration

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

Security update for keylime

This update for keylime fixes the following issues: CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity bsc1254199. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload arbitrary files. An attacker can execute arbitrary scripts in the context of another user's browser by uploading malicious HTML or SVG files that are then rendered from the same domain as the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

PT-2026-3867

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

MiracleLinux 7 : firefox-91.3.0-1.0.1.el7.AXS7 (AXSA:2021-2530:32)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2530:32 advisory. Mozilla: Use-after-free in HTTP2 Session object Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Mozilla: iframe sandbox rules d...

MiracleLinux 9 : firefox-102.5.0-1.el9.ML.1 (AXSA:2023-5007:06)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5007:06 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

MiracleLinux 9 : webkit2gtk3-2.40.5-1.el9 (AXSA:2023-6828:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6828:17 advisory. webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to...

MiracleLinux 8 : webkit2gtk3-2.40.5-1.el8.ML.1 (AXSA:2023-7260:19)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7260:19 advisory. webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to...

MiracleLinux 9 : thunderbird-102.5.0-2.el9.ML.1 (AXSA:2023-5045:06)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5045:06 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

MiracleLinux 8 : webkit2gtk3-2.38.5-1.el8.ML.1 (AXSA:2023-5964:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5964:10 advisory. webkitgtk: use-after-free issue leading to arbitrary code execution CVE-2022-42826 webkitgtk: memory corruption issue leading to arbitrary code...

MiracleLinux 4 : firefox-60.9.0-1.0.1.AXS4 (AXSA:2019-4316:05)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4316:05 advisory. Mozilla: Sandbox escape through Firefox Sync CVE-2019-9812 Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9...

MiracleLinux 4 : firefox-38.2.0-4.0.1.AXS4 (AXSA:2015-442:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-442:07 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. With this update, following issues are...

MiracleLinux 4 : firefox-60.8.0-1.0.1.AXS4 (AXSA:2019-3929:04)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3929:04 advisory. Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 CVE-2019-11709 Mozilla: Sandbox escape via installation of malicious language...