15 matches found
Fedora 42 : unbound (2025-38b1c0f3b5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-38b1c0f3b5 advisory. Update to 1.24.2 rhbz2417261 - Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/unbound-1-24-2 Tenable has extracted the...
Fedora: Security Advisory (FEDORA-2025-90281e4554)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
AZL-68796 CVE-2025-11411 affecting package unbound for versions less than 1.19.1-4
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...
EUVD-2019-0153
Malware in sbrugna...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
GHSA-QXQF-2MFX-X8JW veraPDF has potential XSLT injection vulnerability when using policy files
Impact: Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: This has been patched and users should upgrade to veraPDF v1.24.2. Workarounds: This doesn't affect the standard validation an...
PT-2024-21295 · Xwiki · Xwiki Application Licensing
Name of the Vulnerable Software and Affected Versions: XWiki Application Licensing versions prior to 1.24.2 Description: The XWiki licensor application includes a public document Licenses.Code.LicenseJSON that exposes sensitive information, including the instance's id, first and last name, and...
WordPress Plugin Import and export users and customers Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-31045
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...
GHSA-R64Q-W8JR-G9QP Improper Neutralization of CRLF Sequences in urllib3 library for Python
In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...
WordPress Unauthorized Operation Vulnerability (CNVD-2020-29838)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ultimate Addons for Elementor is an extension plugin that uses one of the Elementor page builder plugins. A security vulnerability exis...
python-urllib3: Certification mishandle when error should be thrown
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...
PT-2018-3994 · Python +6 · Urllib3 +6
Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 1.24.2 Description: The issue is related to the use of open redirects in the Urllib3 HTTP library for Python. Exploitation of this issue can allow a remote attacker to access and compromise confidential data...
MediaWiki 'Language Variants' < 1.19.24, 1.20.x < 1.23.9, 1.24.x < 1.24.2 XSS Vulnerability - Active Check
MediaWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...