CVE-2025-5878
A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-7606-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7606-1 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcall...
[slackware-security] sudo
New sudo packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sudo-1.9.17p1-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Sudo's -h --host option could be specified when running ...
USN-7595-5: Linux kernel vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7605-1: Linux kernel vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
CVE-2025-53298
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gioni Plugin Inspector plugin-inspector allows Path Traversal. This issue affects Plugin Inspector: from n/a through = 1.5...
CVE-2025-53094
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-27 20:25:01+00:00 | seen | https://bsky.app/profile/potato.software/post/3lsmhwirigj2p |
| 2025-06-27 20:39:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lsmiqcpzd325 |
| 2025-06-27 20:52:27+00:00 | published-proof-of-concept | ... |
CVE-2025-53264
Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails onet-regenerate-thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through = 1.5...
SUSE-SU-2025:02145-1 Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059185 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in...
SUSE SLES15 Security Update : kernel (Live Patch 54 for SLE 15 SP3) (SUSE-SU-2025:01956-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01956-1 advisory. This update for the Linux Kernel 5.3.18-15030059195 fixes several issues. The following security issues were fixed: - CVE-2022-49080:...
SUSE SLES15 Security Update : kernel (Live Patch 50 for SLE 15 SP3) (SUSE-SU-2025:02140-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02140-1 advisory. This update for the Linux Kernel 5.3.18-15030059182 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: ine...
SUSE SLES15 Security Update : kernel (Live Patch 8 for SLE 15 SP6) (SUSE-SU-2025:01948-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01948-1 advisory. This update for the Linux Kernel 6.4.0-1506002338 fixes several issues. The following security issues were fixed: - CVE-2025-21680: pktgen:...
Microsoft Edge (Chromium) < 136.0.3240.104 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 136.0.3240.104. It is, therefore, affected by multiple vulnerabilities as referenced in the May 29, 2025 advisory. - Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to...
Fedora: Security Advisory (FEDORA-2025-69acb71145)
The remote host is missing an update for the...
SUSE-SU-2025:02144-1 Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024122 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908). -...
SUSE-SU-2025:02138-1 Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059188 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream bsc12387...
SUSE-SU-2025:02136-1 Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059179 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...
USN-7594-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux (UML); - x...
CVE-2025-5315
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2025-5846
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...