116 matches found

Packet Storm News
added 2026/05/29 12:0 a.m., 7 views

Samba Unauthenticated Remote Code Execution

The printing subsystem of Samba suffers from an unauthenticated remote code execution vulnerability. Samba 4.22.10, 4.23.8 and 4.24.3 have been issued as security releases to correct the defect...

CVSS 8.5, AI score 6.5, EPSS 0.01169
Exploits: 6

Positive Technologies
added 2026/03/21 12:0 a.m., 2 views

PT-2026-26942

Name of the Vulnerable Software and Affected Versions: Suricata (affected versions not specified). Description: Security issues have been resolved in the libsuricata8 0 4-8.0.4-1.1 package on openSUSE Tumbleweed. Recommendations: At the moment, there is no information about a newer version that contain...

CVSS 7.5, AI score 5.8, EPSS 0.00351
Exploits: 0, References: 11

Positive Technologies
added 2026/03/21 12:0 a.m., 5 views

PT-2026-26939

Name of the Vulnerable Software and Affected Versions: Suricata (affected versions not specified). Description: Security issues have been resolved in the libsuricata8 0 4-8.0.4-1.1 package on openSUSE Tumbleweed. Recommendations: At the moment, there is no information about a newer version that contain...

CVSS 7.5, AI score 5.8, EPSS 0.00351
Exploits: 0, References: 11

RedhatCVE
added 2026/01/16 2:23 p.m., 2 views

CVE-2026-0712

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01,...

CVSS 7.6, AI score 6.4, EPSS 0.00046
Exploits: 0, References: 1

RedhatCVE
added 2026/01/16 2:23 p.m., 3 views

CVE-2026-22639

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3, AI score 6.8, EPSS 0.00038
Exploits: 0, References: 1

Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-3006

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 10.4.19+security-01; Grafana versions prior to 11.2.10+security-01; Grafana versions prior to 11.3.7+security-01; Grafana versions prior to 11.4.5+security-01; Grafana versions prior to 11.5.5+security-01; Grafana versions...

CVSS 4.3, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-7363

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.01052
Exploits: 0, References: 4

OSV
added 2025/07/18 8:15 a.m., 1 view

UBUNTU-CVE-2025-6023

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01,...

CVSS 7.6, AI score 6.3, EPSS 0.36277
Exploits: 0, References: 4

AlpineLinux
added 2025/07/17 11:15 a.m., 7 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVSS 4.3, AI score 7.2, EPSS 0.0089
Exploits: 0, References: 1

Friends Of PHP
added 2025/01/14 9:24 p.m., 14 views

CVE-2024-53277 - XSS in form messages

More info at https://www.silverstripe.org/download/security-releases/cve-2024-53277...

CVSS 5.4, AI score 6.8, EPSS 0.00305
Exploits: 0, Affected Software: 1

Ubuntu
added 2024/12/10 1:42 a.m., 242 views

USN-7145-1: Expat vulnerability

It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service (application crash)...

CVSS 5.9, AI score 7.1, EPSS 0.0104
Exploits: 0

Microsoft KB
added 2024/11/21 12:0 a.m., 3 views

November 21, 2024—KB5046732 (OS Builds 22621.4541 and 22631.4541) Preview

November 21, 2024—KB5046732 (OS Builds 22621.4541 and 22631.4541) Preview. 11/12/24 IMPORTANT: Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for...

AI score 5.9
Exploits: 0

Microsoft KB
added 2024/08/13 7:0 a.m., 154 views

July 9, 2024—KB5040498 (Security-only update)

July 9, 2024—KB5040498 (Security-only update). Change log:
August 13, 2024: The BitLocker Recovery screen known issue is resolved in update KB5041823.
December 13, 2024: Added the improvement bullet point of how IT administrators should set up remote paths for...

CVSS 9.8, AI score 7.4, EPSS 0.75365
Exploits: 7

Tenable Nessus
added 2024/07/08 12:0 a.m., 246 views

Node.js 18.x < 18.20.4 / 20.x < 20.15.1 / 22.x < 22.4.1 Multiple Vulnerabilities (Monday, July 8, 2024 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.4, 20.15.1, 22.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Monday, July 8, 2024 Security Releases advisory. - The CVE-2024-27980 was identified as an incomplete fix for the BatBadBut...

CVSS 8.1, AI score 7.9, EPSS 0.01387
Exploits: 0, References: 6

Tenable Nessus
added 2024/04/19 12:0 a.m., 65 views

Node.js 18.x < 18.20.2 / 20.x < 20.12.2 / 21.x < 21.7.3 Command Injection Vulnerability (Wednesday, April 10, 2024 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.2, 20.12.2, 21.7.3. It is, therefore, affected by a command injection vulnerability as referenced in the Wednesday, April 10, 2024 Security Releases advisory. This is due to the improper handling of batch files in...

CVSS 8.1, AI score 8.9, EPSS 0.01387
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/05 12:0 a.m., 92 views

Node.js 18.x < 18.20.1 / 20.x < 20.12.1 / 21.x < 21.7.2 Multiple Vulnerabilities (Wednesday, April 3, 2024 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.1, 20.12.1, 21.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, April 3, 2024 Security Releases advisory. - An attacker can make the Node.js HTTP/2 server completely unavailable by...

CVSS 8.2, AI score 7.5, EPSS 0.87211
Exploits: 1, References: 3

Tenable Nessus
added 2024/02/21 12:0 a.m., 172 views

Node.js 18.x < 18.19.1 / 20.x < 20.11.1 / 21.x < 21.6.2 Multiple Vulnerabilities (Wednesday February 14 2024 Security Releases).

The version of Node.js installed on the remote host is prior to 18.19.1, 20.11.1, 21.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday February 14 2024 Security Releases advisory. - On Linux, Node.js ignores certain environment variables if those may have...

CVSS 9.8, AI score 6.9, EPSS 0.03168
Exploits: 0, References: 8

FreeBSD
added 2024/02/13 12:0 a.m., 37 views

typo3-{11,12} -- multiple vulnerabilities

Typo3 developers report: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages (CVE-2023-30451); Code Execution in TYPO3 Install Tool (CVE-2024-22188); Information Disclosure of...

CVSS 7.2, AI score 7.1, EPSS 0.02017
Exploits: 3, References: 1

Friends Of PHP
added 2024/01/23 3:15 a.m., 30 views

CVE-2023-49783 No permission checks for editing or deleting records with CSV import form

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-49783...

CVSS 4.3, AI score 7.2, EPSS 0.00341
Exploits: 0, Affected Software: 1

OpenVAS
added 2023/10/23 12:0 a.m., 39 views

Mageia: Security Advisory (MGASA-2023-0299)

The remote host is missing an update for the...

CVSS 7.5, AI score 8.5, EPSS 0.99999
Exploits: 19, References: 8