487 matches found
@apollo/server 安全漏洞
@apollo/server is a JavaScript code package open-sourced by Apollo GraphQL. Versions prior to 3.13.0, 4.13.0, and 5.4.0 of @apollo/server contain security vulnerabilities. These vulnerabilities stem from improper handling of encoded requests using special character sets in the default...
Security update for abseil-cpp
This update for abseil-cpp fixes the following issues: CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve, and rehash methods of absl:flat,nodehashset,map bsc1237543. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CVE-2025-68660
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...
Malicious Package
Overview cml-tt-sets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Suricata security vulnerabilities
Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Vulnerabilities exist in versions of Suricata prior to 8.0.3 and 7.0.14. These vulnerabilities stem from the use of a stack buffer for storing data sets; if the data size is too large, it may lea...
Stegano 2.1.0
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...
CVE-2020-10611
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...
OWASP CRS 安全漏洞
OWASP CRS is an open source attack detection rule set from the CRS Project. A security vulnerability exists in OWASP CRS versions prior to 4.22.0 and prior to 3.3.8, which stems from a flaw in rule 922110 when processing multipart requests, which could lead to malicious character sets being ignor...
PT-2026-29086
Name of the Vulnerable Software and Affected Versions GNU C Library versions 2.43 and earlier Description The iconv function in the GNU C Library may experience a crash due to an assertion failure when processing inputs from the IBM1390 or IBM1399 character sets. This could potentially be exploit...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992811)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992811 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check numvalidsets before accessing readerwmsets WHY & HOW numvalidsets needs to...
GRAudit Grep Auditing Tool 4.0
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very...
EUVD-2025-199771
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected wh...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990875)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990875 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check numvalidsets before accessing readerwmsets WHY & HOW numvalidsets needs to...
[SECURITY] Fedora 42 Update: qt5-qtvirtualkeyboard-5.15.18-1.fc42
The Qt Virtual Keyboard project provides an input framework and reference key board frontend for Qt 5. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989827)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989827 advisory. In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading csssets for migration Each cset cssset is pinn...
Liferay Portal Vulnerable to DoS via Crafted Headless API Request
Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-servi...
Fedora: Security Advisory (FEDORA-2025-5c7374bfdb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2023-53701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: deactivate anonymous set from preparation phase backport for 4.14 of...
Siemens SIMATIC Devices Improper Control of Resource Identifiers (CVE-2023-52620)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
DEBIAN-CVE-2023-53701
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: deactivate anonymous set from preparation phase backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform any upda...