16 matches found

Cvelist
added 2026/01/27 9:57 p.m. · 30 views

CVE-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

CVSS 8.8 · EPSS 0.00255
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-20707

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00526
Exploits: 0 · References: 3

Ubuntu
added 2025/08/20 12:0 a.m. · 9 views

USN-7704-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

CVSS 7.8 · AI score 7.3 · EPSS 0.00201
Exploits: 0

Tenable Nessus
added 2025/07/24 12:0 a.m. · 2 views

Oracle Linux 9 : firefox (ELSA-2025-11748)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-11748 advisory. 128.13.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

CVSS 9.8 · AI score 8.2 · EPSS 0.00452
Exploits: 0 · References: 10

SUSE CVE
added 2025/01/17 12:23 a.m. · 4 views

SUSE CVE-2024-52005

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

CVSS 7.5 · AI score 8.1 · EPSS 0.00477
Exploits: 1 · References: 5

Positive Technologies
added 2024/10/31 12:0 a.m. · 4 views

PT-2024-16394 · Safenet · Esafenet Cdg 5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical vulnerability has been found in ESAFENET CDG 5, affecting the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to SQL...

CVSS 9.8 · AI score 7.4 · EPSS 0.00569
Exploits: 1 · References: 15

Oracle Linux
added 2022/11/07 12:0 a.m. · 42 views

ol8addon security update

golang 1.17.13-1.0.1 - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust 1.17.12-1 - Update Go to version 1.17.12 - Resolves: rhbz2109182 go-toolset 1.17.13-1 - Set version to correspond to the matching build golang version...

CVSS 7.5 · AI score 2.5 · EPSS 0.0198
Exploits: 4

Positive Technologies
added 2021/08/06 12:0 a.m. · 3 views

PT-2021-21972 · Openstack +1 · Openstack Keystone +1

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions 10.x through 16.x before 16.0.2 OpenStack Keystone versions 17.x before 17.0.1 OpenStack Keystone versions 18.x before 18.0.1 OpenStack Keystone versions 19.x before 19.0.1 Description: The issue allows information...

CVSS 9.8 · AI score 6.2 · EPSS 0.57991
Exploits: 10 · References: 71

Tenable Nessus
added 2018/01/23 12:0 a.m. · 42 views

OracleVM 3.4 : microcode_ctl (OVMSA-2018-0013) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - Revert: early microcode load to allow updating Broadwell model 79 - Revert: Make sure 'modprobe microcode' is not executed on Broadwell model 79 - Revert: Run dracut upon microcode update - Revert...

CVSS 5.6 · AI score 7.3 · EPSS 0.74041
Exploits: 8 · References: 2

Positive Technologies
added 2017/12/08 12:0 a.m. · 3 views

PT-2017-14272 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions 6.0.x before 6.0.3-8754-3 Synology DiskStation Manager DSM versions 5.2-5967-6 and earlier Description: A directory traversal issue in the SYNO.FileStation.Extract component allows remote authenticate...

CVSS 6.5 · AI score 7.1 · EPSS 0.01974
Exploits: 0 · References: 4

Positive Technologies
added 2017/06/26 12:0 a.m. · 8 views

PT-2017-2777 · Apache +5 · Apache Tomcat +5

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.0.M21 Apache Tomcat versions 8.5.0 through 8.5.15 Apache Tomcat versions 8.0.0.RC1 through 8.0.44 Apache Tomcat versions 7.0.41 through 7.0.78 Description: The issue is related to the CORS Filter in...

CVSS 9.8 · AI score 6.8 · EPSS 0.99988
Exploits: 39 · References: 166

OpenVAS
added 2014/04/03 12:0 a.m. · 34 views

CentOS Update for wireshark CESA-2014:0342 centos6

Check for the Version of wireshark OpenVAS Vulnerability Test CentOS Update for wireshark CESA-2014:0342 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 9.3 · EPSS 0.47143
Exploits: 13 · References: 2

OpenVAS
added 2009/03/06 12:0 a.m. · 20 views

RedHat Update for kdegraphics RHSA-2008:0238-01

Check for the Version of kdegraphics OpenVAS Vulnerability Test RedHat Update for kdegraphics RHSA-2008:0238-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVSS 6.8 · AI score 0.4 · EPSS 0.04941
Exploits: 1 · References: 2

Slackware Linux
added 2009/01/15 3:37 p.m. · 16 views

bind 10.2/11.0 recompile

Updated bind packages are available for Slackware 10.2 and 11.0 to address a load problem. It was reported that the initial build of these updates complained that the Linux capability module was not present and would refuse to load. It was determined that the packages which were compiled on 10.2...

AI score 6.9
Exploits: 0

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. · 2 views

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...

CVSS 4.3 · AI score 6.5
Exploits: 0 · References: 2

Tenable Nessus
added 2004/12/14 12:0 a.m. · 32 views

MS04-041: Vulnerabilities in WordPad (885836)

The remote host contains a version of Microsoft WordPad that is vulnerable to two security flaws. To exploit these flaws an attacker would need to send a malformed Word file to a victim on the remote host and wait for him to open the file using WordPad. Opening the file with WordPad will trigger ...

CVSS 10 · AI score 6.6 · EPSS 0.31053
Exploits: 0 · References: 3