OPENSUSE-SU-2026:10755-1 opa-1.16.2-1.1 on GA media

These are all security issues fixed in the opa-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed...

Astra Linux - уязвимость в unbound

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...

PT-2026-28618

Name of the Vulnerable Software and Affected Versions TigerVNC versions prior to 1.16.2 Description The software contains a flaw in the Image.cxx file within the x0vncserver component. Incorrect permissions allow other users to potentially observe or manipulate the screen content, or cause the...

CLEANSTART-2025-OB44035 Security fixes for CVE-2025-61729, GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 1.16.2-r2

Multiple security vulnerabilities affect the velero-fips package. These issues are resolved in later releases. See references for individual CVE and GHSA details...

MiracleLinux 9 : unbound-1.16.2-18.el9_6 (AXSA:2025-10520:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10520:03 advisory. unbound: Unbounded name compression could lead to Denial of Service CVE-2024-8508 Tenable has extracted the preceding description block directly from the...

EUVD-2021-34105

Malicious code in bioql PyPI...

EUVD-2023-51941

Malicious code in bioql PyPI...

EUVD-2022-53220

Malicious code in bioql PyPI...

CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

CVE-2023-22427

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script...

RHSA-2024:11232 Red Hat Security Advisory: unbound:1.16.2 security update

Bulletin has no description...

PT-2024-35101 · Humhub · Humhub

Name of the Vulnerable Software and Affected Versions: HumHub versions through 1.16.2 Description: The issue affects HumHub, allowing excavation through user enumeration due to an observable response discrepancy. This discrepancy can lead to the generation of error messages containing sensitive...

AZL-50180 CVE-2024-0132 affecting package nvidia-container-toolkit for versions less than 1.16.2-1

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use TOCTOU vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Dojo version 1.16.2

Summary A vulnerability has been identified in Dojo version 1.16.2 Prototype Pollution, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: Do...

CVE-2023-47846

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2...

PT-2024-13516 · Unknown · Terry Lin Wp Githuber Md

Name of the Vulnerable Software and Affected Versions: Terry Lin WP Githuber MD versions 1.16.2 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which can be exploited. No information is provided about the estimated number of potentially affecte...

GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

WordPress plugin WP Crontrol 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-2414

Name of the Vulnerable Software and Affected Versions WP Crontrol versions prior to 1.16.2 Description The issue is related to the WP Crontrol feature that allows administrative users to create events in the WP-Cron system, which can store and execute PHP code. Although there is no known...