16 matches found
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
MAL-2025-179551 Malicious code in anais-papoa-0iaia (npm)
Source: amazon-inspector cf12c5097d8119b14a5fe2d44795ec0dae5e1af22dfd66c4e8c52306d04e93e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-94598 Malicious code in frantic_piranha_requirement (npm)
Source: amazon-inspector 0e386713b13a89290f1e0209416247fe29efbdd145410e2b4d7eff3ed838cf63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2024-20231
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-4768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause ...
AZL-73046 CVE-2025-38477 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a...
CVE-2024-5344
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping...
Exploit for Code Injection in Oretnom23 Simple_Student_Attendance_System
CVE-2023-51801 Simple Student Attendance System v.1.0 - Mult...
GSD-2022-1001603 mm/kmemleak: reset tag when compare object pointer
mm/kmemleak: reset tag when compare object pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
CVE-2021-22469
A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read...
UBUNTU-CVE-2021-23418
The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
Mozilla: DoH did not filter IPv4 mapped IP Addresses
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...
zuerioberland-tourismus.ch XSS vulnerability
Open Bug Bounty ID: OBB-603483. Affected Website: zuerioberland-tourismus.ch; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
dance.nyc XSS vulnerability
Vulnerable URL: https://www.dance.nyc/search/?dir=%3C/script%3E%3Cscript%3Ealert'OPENBUGBOUNTY';%3C/script%3E%3Cscript%3E Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 759468; VIP...
ALPINE-CVE-2016-7141
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...
TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow
#!/usr/bin/python Exploit: TFTP SERVER V1.4 ST RRQ Overflow; OS: Windows XP PRO SP3; Author: b33f. Smashing the stack for fun and practise... This tf...