617 matches found
Oracle Linux 9 : evince (ELSA-2026-27819)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-27819 advisory. - Sanitize arguments CVE-2026-46529 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...
CVE-2026-27136
A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting XSS attacks in applications. Such attacks can result in information...
openSUSE 16 Security Update : kea (openSUSE-SU-2026:20452-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20452-1 advisory. Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message...
OPENSUSE-SU-2026:20452-1 Security update for kea
This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...
SUSE-SU-2026:20989-1 Security update for kea
This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. An attacker can cause excessive CPU consumption and block the event loop by supplying crafted extglob patterns that trigger catastrophic backtracking i...
CLSA-2026-1772013351 glibc: Fix of CVE-2026-0915
CVE-2026-0915: prevent leak of stack contents to configured DNS resolver when getnetbyaddr or getnetbyaddrr query a zero-valued network with DNS backend in nsswitch.conf; sanitize stack buffers and add input validation; eliminate exposure of uninitialized data...
CVE-2026-20663
The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps...
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
CVE-2025-68457 Orejime has executable code in HTML attributes
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
CVE-2023-53803 scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess A fix for: BUG: KASAN: slab-out-of-bounds in sesenclosuredataprocess+0x949/0xe30 ses Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after a...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990312 advisory. In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventms...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ublk: It is necessary to sanitize the arguments from userspace when adding a device. The Sanity function checks the values for queue depth and the number of queues that we obtain from userspace when adding a device...
EUVD-2021-2406
Malware in sbrugna...
EUVD-2021-0616
Malware in sbrugna...
EUVD-2021-0721
Malware in sbrugna...
EUVD-2021-1432
Malware in sbrugna...
Unity Linux 20.1070e Security Update: golang (UTSA-2025-986182)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986182 advisory. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit...
EUVD-2022-4097
Malicious code in bioql PyPI...
EUVD-2023-0917
Malicious code in bioql PyPI...