1779 matches found
EUVD-2023-2749
Malicious code in bioql PyPI...
EUVD-2025-3597
Malicious code in bioql PyPI...
EUVD-2022-1411
Malicious code in bioql PyPI...
CVE-2025-39912
In the Linux kernel, the following vulnerability has been resolved: nfs/localio: restore creds before releasing pageio data. Otherwise if the nfsd filecache code releases the nfsd_file immediately, it can trigger the BUG_ON(cred == current->cred) in __put_cred() when it puts the nfsd_file->nf_file->f-cred...
CVE-2025-46152
CVE-2025-46152 affects PyTorch where bitwise_right_shift can produce incorrect output for certain out-of-bounds values of the OTHER argument. Affected versions include PyTorch before 2.7.0; a patched version is available. The connected Mariner data notes PyTorch packages less than 2.2.2-9 are aff...
CVE-2025-59335 CubeCart Session Not Invalidated After Password Change
CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight poses a security risk, as if a user forgets to log out from a location where they accessed their account, an unauthorized use...
Firefox -- Spoofing issue in the Site Permissions component
https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 reports: Spoofing issue in the Site Permissions component...
CVE-2025-27238 API hostprototype.get lists data to users with insufficient authorization.
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...
Security Bulletin: Publicly disclosed libcurl vulnerabilities affects IBM Safer Payments (CVE-2024-9681)
Summary: Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2024-9681. DESCRIPTION: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making ...
Django: Path traversal via archive.extract - CVE 2021-3281 incomplete patch
A vulnerability was discovered in the "extract" function of the ZipArchive and TarArchive classes in the Django framework. The vulnerability was caused by the use of the "abspath" function, which removes terminating path separators. This made the guard logic protection insufficient to protect...
Grub2: commands/extcmd: missing check for failed allocation
...
Linux Distros Unpatched Vulnerability : CVE-2019-11747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Forget about this site feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removin...
Linux Distros Unpatched Vulnerability : CVE-2022-49998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix locking in rxrpc's sendmsg. Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning a...
Linux 6.9 AF_UNIX MSG_OOB Handling Use-After-Free
Linux versions starting at 6.9 have a security bug in the handling of MSG_OOB, which causes use-after-free read+write when a sequence of syscalls is executed...
Nextcloud: Calendar app allowed booking appointments without the generated token
The calendar app was found to allow booking appointments without the necessary generated token, which could have led to unauthorized access...
CVE-2025-36005
creationtimestamp | type | source
---|---|---
2025-07-24 15:37:25+00:00 | seen | Telegram/FmERFHduQ4QwCKEAARjOVOiKQthNn2TXYUtvuft7M0NYh1g...
CVE-2025-54090
Summary of CVE-2025-54090: The issue affects Apache HTTP Server, specifically version 2.4.64, where all "RewriteCond expr ..." tests evaluate as true due to a bug in the expression evaluation. The remedy is to upgrade to version 2.4.65, which includes the fix. The provided connected documents co...
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
Analytics Direct‑URL Bypass Ignores Global Analytics Permissions in Confluence Data Center
This ticket requests an LTS 9.2 fix for the issue at https://asecurityteam.atlassian.net/browse/VULN-1552959. This ticket doesn't have a due date because backport security fixes are only required for Critical-severity issues. Details: Security Bug Fix...
curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl
Summary: A Use-After-Free (UAF) vulnerability exists in libcurl when the OpenSSL SSL_CTX_set_keylog_callback is set. The callback may be invoked after the associated SSL object has been freed via SSL_free, leading to access to a dangling pointer and potential crash or information leak via SSL_get_ex_data...