CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

Security update for wget

This update for wget fixes the following issues: CVE-2021-31879: Authorization header disclosed upon redirects to different origins. bsc1185551 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

UBUNTU-CVE-2025-1181

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function bfdelfgcmarkrsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather...

DEBIAN-CVE-2025-1178

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfdputl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is...

PT-2025-6161 · Gnu +3 · Gnu Binutils +3

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43 Description: A critical issue affects the function bfd elf gc mark rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The...

CVE-2025-24892 OpenProject stored HTML injection vulnerability

OpenProject is open-source, web-based project management software. In versions prior to 15.2.1, the application fails to properly sanitize user input before displaying it in the Group Management section. Groups created with HTML script tags are not properly escaped before rendering them in a...

AZL-56636 CVE-2025-1149 affecting package gdb 11.2-10

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rathe...

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46707)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46707 advisory. - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICCSGIEL1 undef in the...

Azure Linux 3.0 Security Update: kernel (CVE-2024-49982)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49982 advisory. - In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free...

Azure Linux 3.0 Security Update: git-lfs (CVE-2024-53263)

The version of git-lfs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53263 advisory. - Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a...

GHSA-VJ7W-3M8C-6VPX SFTPGo has insufficient sanitization of user provided rsync command

Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...

PT-2025-16544 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue concerns a buffer overflow in the AdvSetMacMtuWan function through the serverName2 variable. This can potentially allow for unauthorized access or control. Recommendations: For Ten...

Cisco Secure Email and Web Manager SNMP Polling Information Disclosure (cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by a vulnerability. - A vulnerability in SNMP polling for Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain...

PT-2025-17048 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue is related to a Buffer Overflow in AdvSetMacMtuWan via cloneType2. This can potentially be exploited. No information is provided about the estimated number of affected devices or...

Cisco Secure Email Gateway SNMP Polling Information Disclosure (cisco-sa-esa-sma-wsa-snmp-inf-FqPvL8sX)

According to its self-reported version, Cisco Secure Email Gateway is affected by a vulnerability. - A vulnerability in SNMP polling for Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain...

Mitmweb API Authentication Bypass Using Proxy Server

Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal API bound to 127.0.0.1:8081 by default. In other words, while the client cannot access the API directly good, they can access the API through the proxy bad...

CVE-2021-37710

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...

CVE-2021-37859

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost...

CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...