Lucene search

66 matches found

CVE
added 2026/06/12 2:22 p.m. | 13 views

CVE-2026-41581

Frappe framework vulnerability CVE-2026-41581: a possible SQL injection via get_blog_list affects versions prior to 15.106.0 and 16.16.0. The issue has been patched in 15.106.0 and 16.16.0. CVSS 4.0 base score 6.9 (MEDIUM); attack vector NETWORK, authentication NONE required, no user interaction....

CVSS 6.9 | AI score 5.7 | EPSS 0.00228
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/12 12:00 a.m. | 10 views

PT-2026-48877

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0...

CVSS 6.9 | AI score 5.7 | EPSS 0.00228
Exploits: 0 | References: 2

Cvelist
added 2026/04/02 8:46 a.m. | 23 views

CVE-2026-29131 PGP Decryption Recipient LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

CVSS 4.9 | EPSS 0.00226
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/12 12:00 a.m. | 5 views

GitLab 15.6 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-12734)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certai...

CVSS 3.5 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 5

CNVD
added 2025/10/15 12:00 a.m. | 3 views

ERPNext Cross-Site Scripting Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...

CVSS 5.4 | AI score 6.1 | EPSS 0.00373
Exploits: 2 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-12153

Malware in sbrugna...

CVSS 9.3 | AI score 8.6 | EPSS 0.02819
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-43741

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.03711
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/20 12:00 a.m. | 5 views

macOS 15.x < 15.6.1 (124927)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.6.1. It is, therefore, affected by a vulnerability: - Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticat...

CVSS 10 | AI score 6 | EPSS 0.19972
Exploits: 9 | References: 2

Tenable Nessus
added 2025/08/20 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-17664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before...

CVSS 5.9 | AI score 6.5 | EPSS 0.32431
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/19 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-14779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u26...

CVSS 4.3 | AI score 6.5 | EPSS 0.03713
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/27 12:00 a.m. | 5 views

Trimble Cityworks 15.x < 15.8.9 / 23.x < 23.10 Deserialization RCE

The version of Trimble Cityworks installed on the remote host is 15.x prior to 15.8.9, or 23.x prior to 23.10. It is, therefore, affected by a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet...

CVSS 8.8 | AI score 7.9 | EPSS 0.27426
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 12:00 p.m. | 4 views

CVE-2025-24800

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVSS 9.3 | AI score 6.7 | EPSS 0.00291
Exploits: 0 | References: 1

Cvelist
added 2025/05/07 8:24 a.m. | 12 views

CVE-2025-20970

Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege...

CVSS 6.2 | EPSS 0.00124
Exploits: 0 | References: 1

OSV
added 2025/02/27 10:18 a.m. | 3 views

OPENSUSE-SU-2025:0077-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 133.0.6943.141 (boo#1237699): This update includes 1 security fix. Various fixes from internal audits, fuzzing and other initiatives - fix build with qt6 and enable qt6 also for 15.x...

AI score 7.3
Exploits: 0 | References: 2

Debian CVE
added 2024/12/16 4:30 a.m. | 8 views

CVE-2024-8650

Removed by vendor...

CVSS 5.3 | AI score 5.8 | EPSS 0.00435
Exploits: 1

Tenable Nessus
added 2024/11/21 12:00 a.m. | 16 views

macOS 15.x < 15.1.1 Multiple Vulnerabilities (121753)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.1.1. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and...

CVSS 8.8 | AI score 7.8 | EPSS 0.21044
Exploits: 1 | References: 3

OSV
added 2024/10/22 2:06 a.m. | 15 views

RHSA-2024:1314 Red Hat Security Advisory: postgresql:15 security update

Bulletin has no description...

CVSS 8 | AI score 8.1 | EPSS 0.01465
Exploits: 0 | References: 7

Tenable Nessus
added 2024/08/15 12:00 a.m. | 58 views

PostgreSQL 12.x < 12.20 / 13.x < 13.16 / 14.x < 14.13 / 15.x < 15.8 / 16.x < 16.4 SQL Injection

The version of PostgreSQL installed on the remote host is 12 prior to 12.20, 13 prior to 13.16, 14 prior to 14.13, 15 prior to 15.8, or 16 prior to 16.4. As such, it is potentially affected by a vulnerability: - Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an...

CVSS 8.8 | AI score 7.7 | EPSS 0.01565
Exploits: 0 | References: 3

OpenVAS
added 2024/08/09 12:00 a.m. | 13 views

PostgreSQL TOCTOU Vulnerability (Aug 2024) - Windows

PostgreSQL is prone to a time-of-check time-of-use (TOCTOU) race condition vulnerability in pg_dump...

CVSS 8.8 | AI score 8.4 | EPSS 0.01565
Exploits: 0 | References: 2

OpenVAS
added 2024/05/14 12:00 a.m. | 16 views

PostgreSQL 14.x < 14.12, 15.x < 15.7, 16.x < 16.3 Information Disclosure Vulnerability - Linux

PostgreSQL is prone to an information disclosure vulnerability...

CVSS 4.3 | AI score 5.3 | EPSS 0.00722
Exploits: 0 | References: 2