[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-7.fc42

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-bad-free-1.26.11-1.fc42

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

[SECURITY] Fedora 44 Update: gstreamer1-plugins-bad-free-1.28.1-1.fc44

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

CVE-2025-65009

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

CVE-2025-65009 Insecure Password Storage in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

EUVD-2025-197995

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting XSS vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. The vendor was notified early about this...

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-406106)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-406106 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issu...

EUVD-2025-25275

Malicious code in bioql PyPI...

EUVD-2025-25274

Malicious code in bioql PyPI...

EUVD-2025-25277

Malicious code in bioql PyPI...

CVE-2025-54541

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...

CVE-2025-54543

QuickCMS (CMS) is affected by CVE-2025-54543, a Stored XSS in the page editor SEO functionality via the sDescriptionMeta parameter. The vulnerability allows an admin with privileges to inject arbitrary HTML/JS that is rendered when visiting the edited page. Only version 6.8 has been tested and co...

CVE-2025-54541 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respon...

AlmaLinux 9 : libarchive (ALSA-2025:14130)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:14130 advisory. libarchive: Double free at archivereadformatrarseekdata in archivereadsupportformatrar.c CVE-2025-5914 Tenable has extracted the preceding description block...

[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.26.3-4.fc41

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-bad-free-1.26.3-4.fc42

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

Fedora 42 : matrix-synapse (2025-9e0e3043af)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9e0e3043af advisory. Update to 1.135.2 ---- Update to 1.135.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Security Updates for Microsoft PowerPoint Products (August 2025)

The Microsoft PowerPoint Products are missing a security update. They are, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instea...

Linux Distros Unpatched Vulnerability : CVE-2024-38565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ar5523: enable proper endpoint verification Syzkaller reports 1 hitting a warning about an endpoint in use not having an expected type to it. Fix the issu...