Astra Linux - уязвимость в firefox

An attacker with temporary script access to a website could have set a cookie containing invalid characters using document.cookie, which could lead to unknown errors. This vulnerability affects Firefox versions earlier than 119...

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory. Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitra...

SUSE-SU-2026:21374-1 Security update for erlang

This update for erlang fixes the following issues: Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes bsc1258663. - CVE-2026-23941: improper handling of duplicate Content-Length headers in...

OPENSUSE-SU-2026:20607-1 Security update for erlang

This update for erlang fixes the following issues: Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes bsc1258663. - CVE-2026-23941: improper handling of duplicate Content-Length headers in...

UBUNTU-CVE-2026-28861

A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...

PT-2026-27584

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.4 iOS versions prior to 18.7.7 iPadOS versions prior to 18.7.7 macOS Tahoe versions prior to 26.4 visionOS versions prior to 26.4 Description A logic issue exists due to improved state management. A malicious websit...

EUVD-2025-206883

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

CVE-2025-23025

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended,...

CVE-2025-54065

GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...

AlmaLinux 10 : valkey (ALSA-2025:19675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19675 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

CVE-2025-62265

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

ALSA-2025:19238 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

EUVD-2021-27278

Malware in sbrugna...

EUVD-2018-16900

Malware in sbrugna...

EUVD-2016-6100

Malware in sbrugna...

EUVD-2013-1254

Malware in sbrugna...

EUVD-2012-1847

Malware in sbrugna...

EUVD-2025-0066

Malicious code in bioql PyPI...

EUVD-2022-0969

Malicious code in bioql PyPI...

CVE-2025-29156

The CVE-2025-29156 entry concerns the Swagger Petstore sample (petstore) software, version 1.0.7, with a Cross Site Scripting (XSS) vulnerability in the /api/v3/pet endpoint. The root cause is input handling that allows crafted scripts to be processed, enabling a remote attacker to execute arbitr...