
122 matches found

Fedora
added 2026/02/15 1:29 a.m. | 5 views

[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-6.fc42

NGINX module for Brotli compression...

CVSS 8.2 | AI score 5.4 | EPSS 0.00331
Exploits: 0

Fedora
added 2026/02/15 1:13 a.m. | 5 views

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-6.fc43

Nginx virtual host traffic status module...

CVSS 8.2 | AI score 5.4 | EPSS 0.00331
Exploits: 0

RedhatCVE
added 2026/01/09 12:36 p.m. | 4 views

CVE-2023-49328

On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module...

CVSS 7.2 | AI score 8.4 | EPSS 0.0096
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/23 12:0 a.m. | 4 views

AlmaLinux 10 : mod_md (ALSA-2025:23738)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23738 advisory. mod_md: Apache HTTP Server: mod_md ACME, unintended retry intervals CVE-2025-55753 Tenable has extracted the preceding description block directly from the AlmaLinu...

CVSS 7.5 | AI score 5.5 | EPSS 0.00402
Exploits: 0 | References: 3

Fedora
added 2025/10/22 1:31 a.m. | 10 views

[SECURITY] Fedora 41 Update: mod_http2-2.0.35-1.fc41

The mod_h2 Apache httpd module implements the HTTP/2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...

CVSS 7.5 | AI score 7 | EPSS 0.01149
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-27708

Malicious code in bioql PyPI...

CVSS 5.6 | AI score 6.3 | EPSS 0.0028
Exploits: 0 | References: 1

CNNVD
added 2025/09/25 12:0 a.m. | 3 views

ML-Logger Security Vulnerability

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. A security vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from an incorrect manipulation of the parameter data of the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00282
Exploits: 0 | References: 4

OSV
added 2025/08/29 2:52 p.m. | 1 views

GO-2025-3910 Mattermost Fails to Sanitize File Names in github.com/mattermost/mattermost-server

Mattermost Fails to Sanitize File Names in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

CVSS 4.3 | AI score 6.9 | EPSS 0.00698
Exploits: 0 | References: 3

OSV
added 2025/08/29 11:18 a.m. | 3 views

OESA-2025-2087 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...

CVSS 6.3 | AI score 7.3 | EPSS 0.00371
Exploits: 0 | References: 2

CNVD
added 2025/08/27 12:0 a.m. | 5 views

DELL iDRAC Service Module Elevation of Privilege Vulnerability

The DELL iDRAC Service Module is a lightweight software service on Dell servers that is primarily used to enhance the functionality of iDRAC Integrated Dell Remote Control Card and improve server management efficiency by consolidating operating system information. An elevation of privilege...

CVSS 7.8 | AI score 8 | EPSS 0.00135
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-23527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open...

CVSS 6.1 | AI score 6.3 | EPSS 0.00905
Exploits: 0 | References: 2

AlpineLinux
added 2025/08/13 2:46 p.m. | 2 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVSS 6.3 | AI score 5.7 | EPSS 0.00371
Exploits: 0

OSV
added 2025/08/02 11:15 p.m. | 4 views

DEBIAN-CVE-2023-32255

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...

CVSS 5.3 | AI score 5.5 | EPSS 0.00453
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/02 8:23 p.m. | 5 views

CVE-2025-46809

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? befor...

CVSS 6.9 | AI score 6.7 | EPSS 0.00223
Exploits: 0 | References: 1

BDU FSTEC
added 2025/06/06 12:0 a.m. | 3 views

The vulnerability of the NAT Mapping configuration of the Virtual Server module in the microprogramming-based router software of TOTOLINK A3002RU allows attackers to carry out cross-site scripting (XSS) attacks.

The vulnerability of the NAT Mapping configuration of the Virtual Server module in the TOTOLINK A3002RU router software lies in the lack of protection for the website structure when processing the Service Type parameter. Exploiting this vulnerability allows an attacker to perform cross-site...

CVSS 4 | AI score 5 | EPSS 0.00352
Exploits: 1 | References: 4 | Affected Software: 1

Japan Vulnerability Notes
added 2025/06/03 6:35 a.m. | 2 views

TimeWorks vulnerable to path traversal

Overview The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 - CVE-2025-41428 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

CVSS 6.9 | AI score 6.7 | EPSS 0.00574
Exploits: 0 | References: 4

BDU FSTEC
added 2025/06/03 12:0 a.m. | 1 views

The vulnerability of the krb_authenticate() function in the fs/smb/server/smb2pdu.c module of the Linux operating system allows a hacker to induce a service failure.

The vulnerability of the krb_authenticate function in the fs/smb/server/smb2pdu.c module of the Linux operating system’s kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a denial-of-service attack...

CVSS 5.5 | AI score 6.5 | EPSS 0.00472
Exploits: 0 | References: 15 | Affected Software: 5

NVD
added 2025/05/26 4:15 p.m. | 10 views

CVE-2025-23392

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems. This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container...

CVSS 5.6 | EPSS 0.0028
Exploits: 0 | References: 1

CVE
added 2025/05/26 4:6 p.m. | 51 views

CVE-2025-23392

CVE-2025-23392 is a spacewalk-java XSS vulnerability (Improper Neutralization of Script-Related HTML Tags). Affects SUSE Manager components including Spacewalk/Spacewalk-Java modules and SUSE Manager Server Module 4.3; targeted versions listed as before 5.0.24-150600.3.25.1 for several containers...

CVSS 5.6 | AI score 5.5 | EPSS 0.0028
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:26 a.m. | 5 views

CVE-2018-25021

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS)...

CVSS 7.5 | AI score 6.9 | EPSS 0.02268
Exploits: 1 | References: 1