EUVD-2025-209092

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation Upgrade...

MiracleLinux 3 : sudo-1.7.2p1-13.AXS3 (AXSA:2012-350:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-350:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

EUVD-2017-11159

Malware in sbrugna...

EUVD-2018-13824

Malware in sbrugna...

EUVD-2022-29584

Malicious code in bioql PyPI...

EUVD-2024-21980

Malicious code in bioql PyPI...

EUVD-2023-0016

Malicious code in bioql PyPI...

EUVD-2025-1643

Malicious code in bioql PyPI...

EUVD-2023-53278

Malicious code in bioql PyPI...

EUVD-2025-21776

Malicious code in bioql PyPI...

EUVD-2022-0022

Malicious code in bioql PyPI...

EUVD-2022-51939

Malicious code in bioql PyPI...

EUVD-2023-0243

Malicious code in bioql PyPI...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper access control in the getValue for objects. An attacker can gain unauthorized access to, create, edit, or relate data and object entries or definitions across different virtu...

Security Bulletin: Multiple vulnerabilities that affects BigReplicate (CVE-2024-51504, CVE-2024-38821, CVE-2023-20863)

Summary zookeeper-3.9.2.jar, spring-aop-5.3.26.jar, spring-security-web-5.8.11.jar dependency packages are being used by IBM BigReplicate . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-51504 DESCRIPTION: When using...

Linux Distros Unpatched Vulnerability : CVE-2023-25151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhtt...

Apache CXF 3.5.10 / 3.6.5 / 4.0.6 / 4.1.0 DoS (CVE-2025-48795)

The version of Apache CXF installed on the remote host is 3.5.10, 3.6.5, 4.0.6, or 4.1.0. It is, therefore, affected by a denial of service vulnerability: - Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire...

CVE-2025-52520

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following...