
620 matches found

Debian
added 2026/05/26 9:9 p.m. | 14 views

[SECURITY] [DSA 6300-1] node-shell-quote security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2026 https://www.debian.org/security/faq -...

CVSS 9.2 | AI score 5.7 | EPSS 0.00068
Exploits 0
Debian
added 2026/04/19 6:22 p.m. | 4 views

[SECURITY] [DSA 6219-1] pillow security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6219-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 19, 2026 https://www.debian.org/security/faq -...

CVSS 8.7 | AI score 5.7 | EPSS 0.00018
Exploits 0
Debian
added 2025/10/10 6:47 p.m. | 6 views

[SECURITY] [DSA 6023-1] tiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6023-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 10, 2025 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 5 | EPSS 0.00039
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-0389

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.00904
Exploits 0 | References 3
Tenable Nessus
added 2025/09/14 12:0 a.m. | 3 views

Debian dsa-6001 : libcjson-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6001 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6001-1 [email protected] https://www.debian.org/security/...

CVSS 9.8 | AI score 8 | EPSS 0.00273
Exploits 1 | References 5
OSV
added 2025/08/25 2:15 p.m. | 0 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

CVSS 6.1 | AI score 5.7 | EPSS 0.0004
Exploits 0 | References 2
OSV
added 2025/05/15 8:15 p.m. | 2 views

CVE-2024-6668

The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1
OSV
added 2025/05/15 8:15 p.m. | 0 views

CVE-2024-12725

The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 7.3
Exploits 0 | References 1
OSV
added 2024/12/21 6:15 a.m. | 1 views

CVE-2024-11607

The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 1
OSV
added 2024/09/04 6:15 a.m. | 1 views

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1
Debian
added 2024/05/12 1:20 p.m. | 24 views

[SECURITY] [DSA 5688-1] atril security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq -...

CVSS 9.6 | AI score 7.9 | EPSS 0.13707
Exploits 4
OSV
added 2024/04/26 5:15 a.m. | 1 views

CVE-2024-3058

The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 5.4 | AI score 5.8 | EPSS 0.00197
Exploits 2 | References 1
NVD
added 2024/02/13 4:15 p.m. | 15 views

CVE-2023-45207

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. This has been mitigated by sanitising th...

CVSS 6.1 | AI score 9.1 | EPSS 0.00442
Exploits 0 | References 3
Prion
added 2024/02/13 4:15 p.m. | 16 views

Cross site scripting

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. This has been mitigated by sanitising th...

AI score 6.2 | EPSS 0.00442
Exploits 0 | References 3
Positive Technologies
added 2024/01/18 12:0 a.m. | 3 views

PT-2024-13228 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 10.0 Description: An issue was discovered in Zimbra Collaboration, where an attacker can send a malicious PDF document through mail that contains JavaScript code. When this file is previewed in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00442
Exploits 0 | References 11
OpenVAS
added 2023/12/04 12:0 a.m. | 15 views

Debian: Security Advisory (DSA-5571-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.9 | AI score 5.2 | EPSS 0.00315
Exploits 0 | References 4
Debian
added 2023/12/01 8:29 p.m. | 30 views

[SECURITY] [DSA 5571-1] rabbitmq-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5571-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 01, 2023 https://www.debian.org/security/faq -...

CVSS 4.9 | AI score 6.4 | EPSS 0.00315
Exploits 0
Debian
added 2023/10/05 7:18 p.m. | 16 views

[SECURITY] [DSA 5518-1] libvpx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5518-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 05, 2023 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.7 | EPSS 0.01446
Exploits 0
WPVulnDB
added 2023/09/27 12:0 a.m. | 9 views

WP Search Analytics < 1.4.8 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 5.7 | EPSS 0.00167
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2023/05/22 12:0 a.m. | 12 views

Debian: Security Advisory (DLA-3430-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.8 | EPSS 0.09296
Exploits 1 | References 4