K000156734: BIG-IP Configuration utility vulnerability CVE-2026-40699
Security Advisory Description A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access undisclosed sensitive information. CVE-2026-40699 Impact This vulnerability may allow a low-privileged authenticated...
EUVD-2026-24994
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...
CVE-2026-35345
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
CVE-2026-35360
The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses O_TRUNC. An attacker can exploit this window to create ...
CVE-2026-35349 uutils coreutils Path-Based Safety Bypass with --preserve-root
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
CVE-2020-37069 Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code...
RLSA-2026:0136 Important: mariadb10.11 security update
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...
Important: Red Hat Security Advisory: mariadb:10.3 security update
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
CVE-2025-59269 BIG-IP Configuration utility XSS vulnerability
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
EUVD-2024-1941
Malicious code in bioql PyPI...
EUVD-2025-16308
Malicious code in bioql PyPI...
EUVD-2022-1267
Malicious code in bioql PyPI...
ROS-20250923-07
The vulnerability of the core server component of the PostgreSQL database management system is related to flaws in access control. Exploitation of the vulnerability could allow a remote intruder to bypass ACL security restrictions and gain unauthorized access to protected information. ACL...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
CVE-2025-5278
CVE-2025-5278 (GNU Coreutils): The sort utility’s begfield() is vulnerable to a heap buffer under-read, allowing access to memory outside the allocated buffer when a crafted command uses the traditional key format. The result can be a crash or leakage of sensitive data. Connected sources (EulerO...
ROS-20240516-01
Vulnerability of Less, a utility for UNIX-like text terminals, is related to incorrect processing of quotation marks in the filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
F5 BIG-IP Configuration Utility Cross-Site Scripting Vulnerability (CNVD-2024-22215)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...
Dell SD ROM Utility Access Control Error Vulnerability
Dell SD ROM Utility is a tool from Dell USA that helps to permanently write-protect SD cards. An access control error vulnerability exists in Dell SD ROM Utility versions prior to 1.0.2.0, which can be exploited by an attacker to execute arbitrary code with limited access rights...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-11-openjdk (SUSE-SU-2023:3287-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3287-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK...
ROS-2-1264
2.1264 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...