CVE-2025-54784
SuiteCRM 7.14.0–7.14.6 contains a Cross Site Scripting (XSS) vulnerability in the email viewer. An attacker can trigger payloads by a logged-in user simply viewing emails, potentially allowing arbitrary actions, data extraction, or takeover if the user is an admin. A fix is available in version 7...
CVE-2025-54783
CVE-2025-54783 affects SuiteCRM up to version 7.14.6, with a reflected XSS vulnerability triggered by modifying the HTTP Referer header to inject JavaScript. The server may block the domain but still execute the injected script. Remediation is to upgrade to SuiteCRM 7.14.7 or later. No exploitati...
Linux Distros Unpatched Vulnerability : CVE-2022-49768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 9p: trans_fd/p9_conn_cancel: drop client lock earlier. syzbot reported a double-lock here and we no longer need this lock after requests have been moved off to loca...
Linux Distros Unpatched Vulnerability : CVE-2020-26964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to th...
Linux Distros Unpatched Vulnerability : CVE-2023-52927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: allow exp not to be removed in nf_ct_find_expectation. Currently nf_conntrack_in calling nf_ct_find_expectation will remove the exp from the hash table...
Linux Distros Unpatched Vulnerability : CVE-2024-57877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE. Currently poe_set doesn't initialize the...
Linux Distros Unpatched Vulnerability : CVE-2021-2412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily...
CVE-2025-38051 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38051 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-38035 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38035 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-38332 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38332 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-38208 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38208 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-20215
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...
CVE-2025-8516
A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file...
CVE-2025-48394
CVE-2025-48394 affects Eaton CLI (and related Eaton devices noted in connected sources). A privileged, authenticated attacker could modify the contents of a non-sensitive file by traversing the path in the CLI’s limited shell. The issue is mitigated by a fix in the latest Eaton-supplied version a...
CVE-2025-6013 Vault LDAP MFA Enforcement Bypass When Using Username As Alias
Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
SUSE CVE-2025-52901
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to...
SUSE CVE-2025-52997
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
CVE-2025-51531
A reflected cross-site scripting (XSS) vulnerability in Sage DPW 202412004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that th...
Linux Distros Unpatched Vulnerability : CVE-2017-18075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface...
Linux Distros Unpatched Vulnerability : CVE-2018-13258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. CVE-2018-13258 No...