30443 matches found
NVD · added 2025/01/11 1:15 p.m. · 8 views

CVE-2024-47408

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg. When receiving a proposal msg in the server, the field smcd_v2_ext_offset in the proposal msg is from the remote client and cannot be fully trusted. Once the value of smcd_v2_ext_offset...

CVSS 5.5 · EPSS 0.00218
Exploits 0 · References 6
CVE · added 2025/01/11 12:35 p.m. · 122 views

CVE-2024-56368

No public technical details about CVE-2024-56368 are provided in the connected documents; monitor for updates.

CVSS 5.5 · AI score 6.7 · EPSS 0.0017
Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2025/01/11 12:35 p.m. · 19 views

CVE-2024-49571 net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg. When receiving a proposal msg in the server, the field iparea_offset and the field ipv6_prefixes_cnt in the proposal msg are from the remote client and cannot be ful...

EPSS 0.00214
Exploits 0 · References 6
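The two net/smc entries above (CVE-2024-47408 and CVE-2024-49571) share one root cause: offset and count fields inside a peer-supplied proposal message were used before being checked against the number of bytes actually received. The C below is an added example, not kernel code and not either CVE's fix: it parses a hypothetical proposal layout (the header layout, the field names `ext_offset` and `ipv6_prefixes_cnt`, and all sizes are assumptions; the real `struct smc_clc_msg_proposal` differs) and rejects any message whose declared length, prefix count or extension offset does not fit inside the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed (hypothetical) proposal layout, big-endian:
 *   [0..1]  total_len          declared message length
 *   [2..3]  ext_offset         offset from msg start to a fixed-size extension
 *   [4]     ipv6_prefixes_cnt  number of 17-byte prefix entries that follow
 *   [5..]   prefix entries, then the extension somewhere at or after them
 * Every one of these fields is written by the remote peer. */
#define HDR_LEN      5
#define PREFIX_LEN   17
#define EXT_LEN      8
#define MAX_PREFIXES 8

struct proposal_view {
    uint16_t total_len;
    uint16_t ext_offset;
    uint8_t  prefixes_cnt;
    const uint8_t *prefixes;  /* points into the caller's buffer */
    const uint8_t *ext;       /* points into the caller's buffer */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 and fills *out when every peer-controlled field is consistent with
 * buf_len; returns -1 otherwise, before any pointer into the buffer is formed. */
int parse_proposal(const uint8_t *buf, size_t buf_len, struct proposal_view *out)
{
    if (buf_len < HDR_LEN)
        return -1;

    uint16_t total_len = rd16(buf);
    /* Never trust a declared length larger than what was actually received. */
    if (total_len < HDR_LEN || total_len > buf_len)
        return -1;

    uint8_t cnt = buf[4];
    if (cnt > MAX_PREFIXES)
        return -1;
    /* cnt <= 8 and PREFIX_LEN is small, so this multiplication cannot overflow. */
    size_t prefixes_end = HDR_LEN + (size_t)cnt * PREFIX_LEN;
    if (prefixes_end > total_len)
        return -1;

    uint16_t ext_offset = rd16(buf + 2);
    /* The extension must not overlap the prefix area and must end inside the msg. */
    if (ext_offset < prefixes_end)
        return -1;
    if ((size_t)ext_offset + EXT_LEN > total_len)
        return -1;

    out->total_len    = total_len;
    out->ext_offset   = ext_offset;
    out->prefixes_cnt = cnt;
    out->prefixes     = buf + HDR_LEN;
    out->ext          = buf + ext_offset;
    return 0;
}

/* Builds a constructed message with the given header fields and feeds it to the
 * parser as if recv_len bytes had arrived. Returns parse_proposal()'s result,
 * or -2 if the test case itself does not fit the scratch buffer. */
int check_case(uint16_t total_len, uint16_t ext_offset, uint8_t cnt, size_t recv_len)
{
    uint8_t buf[256];
    struct proposal_view v;
    if (recv_len > sizeof buf)
        return -2;
    memset(buf, 0, sizeof buf);
    buf[0] = (uint8_t)(total_len >> 8); buf[1] = (uint8_t)(total_len & 0xff);
    buf[2] = (uint8_t)(ext_offset >> 8); buf[3] = (uint8_t)(ext_offset & 0xff);
    buf[4] = cnt;
    return parse_proposal(buf, recv_len, &v);
}

int main(void)
{
    printf("well-formed            : %d\n", check_case(48, 40, 2, 48));   /* 0  */
    printf("ext_offset past end    : %d\n", check_case(48, 250, 2, 48));  /* -1 */
    printf("prefix count too large : %d\n", check_case(48, 40, 200, 48)); /* -1 */
    printf("prefixes overrun msg   : %d\n", check_case(48, 40, 3, 48));   /* -1 */
    printf("declared len > received: %d\n", check_case(48, 40, 2, 20));   /* -1 */
    printf("ext overlaps prefixes  : %d\n", check_case(48, 10, 2, 48));   /* -1 */
    return 0;
}
```

The order of the checks matters: the declared length is validated against the received length first, and every later bound is expressed relative to that validated length, so no field from the peer is ever compared only against another field from the peer.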
CVE · added 2025/01/11 12:25 p.m. · 121 views

CVE-2024-48875

In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don't take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when the btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...

CVSS 5.5 · AI score 6.5 · EPSS 0.00143
Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2025/01/10 3:27 p.m. · 12 views

CVE-2025-22596 WeGIA has a Reflected Cross-Site Scripting (XSS) endpoint 'modulos_visiveis.php', parameter 'msg_c'

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts via the msg_c parameter. This vulnerability is fixed in...

CVSS 6.4 · AI score 5.5 · EPSS 0.00295
Exploits 1 · References 1
Vulnrichment · added 2025/01/10 3:19 p.m. · 10 views

CVE-2024-56511 DataEase has an unauthorized access vulnerability

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...

CVSS 9.3 · AI score 6.8 · EPSS 0.20883
Exploits 1 · References 1
OSV · added 2025/01/10 12:53 p.m. · 10 views

SUSE-SU-2025:0062-1 Security update for gstreamer

This update for gstreamer fixes the following issues: - CVE-2024-47606: Avoid integer overflow when allocating sysmem (bsc#1234449)...

CVSS 9.8 · AI score 9.7 · EPSS 0.01344
Exploits 0 · References 3
OpenVAS · added 2025/01/10 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2025:0050-1)

The remote host is missing an update for SUSE security advisory SUSE-SU-2025:0050-1...

CVSS 7.8 · AI score 5.9 · EPSS 0.00281
Exploits 0 · References 10
CVE · added 2025/01/09 7:31 p.m. · 50 views

CVE-2024-13279

The Drupal Two-factor Authentication (TFA) module suffers from a Session Fixation vulnerability due to improper session handling. Affected versions are 0.0.0 up to but not including 1.8.0; CVSS 3.1 base score 9.8 (CRITICAL). Exploitation details are not provided in the documents; no in-the-wild exploit in...

CVSS 9.8 · AI score 6.7 · EPSS 0.00442
Exploits 0 · References 1 · Affected Software 1
OSV · added 2025/01/09 5:10 p.m. · 9 views

CVE-2025-21628 Chatwoot has a Blind SQL injection in Conversation and Contacts filters

Chatwoot is a customer engagement suite. Prior to 3.16.0, the conversation and contact filter endpoints did not sanitize the query_operator input passed from the frontend or the API. This gave any authenticated actor an attack vector to run arbitrary SQL within the filter query by addi...

CVSS 9.1 · AI score 7.4 · EPSS 0.00648
Exploits 0 · References 4
Tenable Nessus · added 2025/01/09 12:0 a.m. · 13 views

GitLab 15.7 < 17.5.5 / 17.6 < 17.6.3 / 17.7 < 17.7.1 (CVE-2024-6324)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Inefficient Algorithmic Complexity in GitLab (CVE-2024-6324). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

CVSS 4.3 · AI score 5.5 · EPSS 0.00692
Exploits 1 · References 5
NVD · added 2025/01/08 9:15 p.m. · 6 views

CVE-2025-22145

Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include: if the application allows users to upload files with a .php extension into a folder that include or require can read, then they are a...

CVSS 6.3 · EPSS 0.00696
Exploits 0 · References 3
NVD · added 2025/01/08 7:15 p.m. · 31 views

CVE-2025-22140

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...

CVSS 9.4 · EPSS 0.00673
Exploits 1 · References 2
Debian CVE · added 2025/01/08 5:49 p.m. · 7 views

CVE-2024-56776

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers. The return value of drm_atomic_get_crtc_state needs to be checked, to avoid use of the error pointer 'crtc_state' in case of failure...

CVSS 5.5 · AI score 5.6 · EPSS 0.00203
Exploits 0
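The drm/sti entry above is about an error pointer rather than a NULL: drm_atomic_get_crtc_state() reports failure by returning ERR_PTR(-errno), a value near the top of the address space that a caller who skips IS_ERR() will happily dereference. The C below is an added example, not the kernel's code and not the CVE fix: it re-creates the ERR_PTR/IS_ERR/PTR_ERR helpers in userspace (an emulation, and an assumption about the exact kernel definitions), replaces the DRM call with a hypothetical get_crtc_state() stand-in that can fail on demand, and puts the unchecked caller beside the checked one.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Userspace emulation of the kernel's error-pointer helpers (assumed definitions).
 * An errno value is stored in the pointer bits; IS_ERR() recognises it because
 * no valid object lives in the last MAX_ERRNO bytes of the address space. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err)         { return (void *)err; }
static inline long  PTR_ERR(const void *p)    { return (long)p; }
static inline int   IS_ERR(const void *p)
{
    return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

struct crtc_state { int enabled; };

/* Hypothetical stand-in for drm_atomic_get_crtc_state(): returns a state object,
 * or an error pointer (never NULL) when the state cannot be obtained. */
static struct crtc_state *get_crtc_state(int fail)
{
    if (fail)
        return ERR_PTR(-ENOMEM);
    struct crtc_state *s = calloc(1, sizeof *s);
    if (!s)
        return ERR_PTR(-ENOMEM);
    s->enabled = 1;
    return s;
}

/* The pattern the fix removes: the return value is used without IS_ERR().
 * With fail == 0 this works; with fail == 1 it dereferences (void *)-12. */
int atomic_check_unsafe(int fail)
{
    struct crtc_state *st = get_crtc_state(fail);
    int enabled = st->enabled;   /* faults when st is an error pointer */
    free(st);
    return enabled;
}

/* Checked version: propagate the errno and never touch the pointer on failure.
 * Returns 0 on success (with *out_enabled set) or the negative errno. */
int atomic_check_fixed(int fail, int *out_enabled)
{
    struct crtc_state *st = get_crtc_state(fail);
    if (IS_ERR(st))
        return (int)PTR_ERR(st);
    *out_enabled = st->enabled;
    free(st);
    return 0;
}

int main(void)
{
    int enabled = -1;
    printf("fixed, success: ret=%d enabled=%d\n", atomic_check_fixed(0, &enabled), enabled);
    printf("fixed, failure: ret=%d (-ENOMEM is %d)\n", atomic_check_fixed(1, &enabled), -ENOMEM);
    printf("unsafe, success path only: %d\n", atomic_check_unsafe(0));
    return 0;
}
```

A NULL check is not a substitute here: `if (!st)` is false for ERR_PTR(-ENOMEM), so only IS_ERR() (or IS_ERR_OR_NULL() where NULL is also possible) catches the failure.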
Debian CVE · added 2025/01/08 5:49 p.m. · 4 views

CVE-2024-56774

In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot. Syzbot reports a null-ptr-deref in btrfs_search_slot. The reproducer is using rescue=ibadroots, and the extent tree root is corrupted, thus the extent tree is NULL. When...

CVSS 5.5 · AI score 5.7 · EPSS 0.00203
Exploits 0
RedhatCVE · added 2025/01/08 2:20 p.m. · 11 views

CVE-2024-56570

In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function. Add a check to the ovl_dentry_weird function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause error...

CVSS 5.5 · AI score 6.7 · EPSS 0.0023
Exploits 0 · References 4
Positive Technologies · added 2025/01/08 12:0 a.m. · 5 views

PT-2025-1642 · WordPress · Adforest

Name of the Vulnerable Software and Affected Versions: AdForest theme for WordPress, versions up to and including 5.1.6. Description: The issue arises from the theme not properly validating a user's identity before updating their password through the adforest reset password function. This allows...

CVSS 9.8 · AI score 10 · EPSS 0.00672
Exploits 0 · References 10
Tenable Nessus · added 2025/01/08 12:0 a.m. · 7 views

Juniper Junos OS Vulnerability (JSA92869)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA92869 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated...

CVSS 8.7 · AI score 5.9 · EPSS 0.00587
Exploits 0 · References 2
OpenVAS · added 2025/01/08 12:0 a.m. · 13 views

Joomla! XSS Vulnerability (20250102)

Joomla! is prone to a cross-site scripting (XSS) vulnerability in the id attribute of menu.

CVSS 7.5 · AI score 4.8 · EPSS 0.00404
Exploits 0 · References 1
OSV · added 2025/01/07 3:52 p.m. · 4 views

GHSA-2R2V-9PF8-6342 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

Impact: Users of WireGuard Portal v2 who have OAuth or OIDC authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. Patches: The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' buil...

AI score 7.3
Exploits 0 · References 3