CVE-2025-71113

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests allocated with sockkmalloc were left uninitialized, relying on callers to set fields explicitly. This resulted in the...

MiracleLinux 4 : spice-gtk-0.11-11.AXS4.1 (AXSA:2012-921:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-921:03 advisory. Client libraries for SPICE desktop servers. Security issues fixed with this release: CVE-2012-4425 libgio, when used in setuid or other privileged programs in...

MiracleLinux 4 : dbus-1.2.24-7.AXS4 (AXSA:2012-954:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-954:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...

MiracleLinux 3 : sudo-1.7.2p1-7.AXS3 (AXSA:2010-366:04)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-366:04 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

CVE-2025-13895

The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2025-13893

The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

MiracleLinux 9 : httpd-2.4.62-7.el9_7.3 (AXSA:2025-11631:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11631:11 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride...

MiracleLinux 8 : freetype-2.9.1-9.el8.ML.1 (AXSA:2025-9777:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9777:02 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font subglyph...

Security update for matio (important)

openSUSE security update: security update for matio ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20022-1 Rating: important References: bsc1239677 bsc1239678 Cross-References: CVE-2025-2337 CVE-2025-2338 Affected Products: openSUSE Leap 16.0...

MiracleLinux 9 : freetype-2.10.4-9.el9.ML.2 (AXSA:2025-9776:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9776:01 advisory. An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font subglyph...

CLSA-2026-1768213076 httpd: Fix of 2 CVEs

CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...

CVE-2023-25600

An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...

CVE-2023-50783

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...

CVE-2023-40394

The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data...

CVE-2023-40946

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php...

CVE-2025-13893

The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a 1 sequence or 2 global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

CVE-2001-1532

WebX stores authentication information in the HTTPREFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...

CVE-2003-1516

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.201 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet...

CVE-2025-13701 Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...