PT-2025-12207 · Unknown · Netease-Youdao/Qanything

Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1 Description: A Cross-Origin Resource Sharing CORS misconfiguration exists that allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly...

SUSE CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

requests: subsequent requests to the same host ignore cert verification

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

CVE-2025-22493

CVE-2025-22493 affects Foreseer Reporting Software (FRS). The issue stems from the secure flag not being set and SameSite configured to Lax, allowing session cookies to be transmitted over unencrypted HTTP connections. The Red Hat and NVD/NIST records confirm the vulnerability description and ind...

Linux Distros Unpatched Vulnerability : CVE-2015-5236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy SOP checks. As the...

Linux Distros Unpatched Vulnerability : CVE-2013-1714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, an...

Linux Distros Unpatched Vulnerability : CVE-2010-1213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and...

Linux Distros Unpatched Vulnerability : CVE-2011-2981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properl...

Linux Distros Unpatched Vulnerability : CVE-2011-2983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.inp...

Linux Distros Unpatched Vulnerability : CVE-2011-2999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle location as the name of a frame, which...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the drag-drop action on the Web-UI. An attacker can execute arbitrary JavaScript with the same privileges as the user by tricking them into dragging a maliciously-named, zero-byte file into the interface...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the vlSelectionTuples function, allowing the usage of Function with arbitrary JavaScript code. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious...

requests: subsequent requests to the same host ignore cert verification

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: actapi: fixed a possible infinite loop in tcfidrcheckalloc The syzbot detected tasks that were stuck while waiting for rtnllock 1 A reproducer is available in the syzbot bug report. When a request is made to add...

Astra Linux - уязвимость в git

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

PT-2025-6133 · Sap · Sap Commerce

Name of the Vulnerable Software and Affected Versions: SAP Commerce affected versions not specified Description: The issue is related to SAP Commerce setting certain cookies with the SameSite attribute configured to None by default. This includes authentication cookies used in SAP Commerce...

Azure Linux 3.0 Security Update: php (CVE-2024-2756)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2756 advisory. - Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and...

CVE-2020-11069

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

CVE-2024-29822

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code...