GHSA-6G4J-38C6-C7FH vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

CVE-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3....

java-17-openjdk security update

1:17.0.19.0.10-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:17.0.19.0.10-1 - Update to jdk-17.0.19+10 GA - Add to .gitignore openjdk-17.0.19+10.tar.xz - Set updatever to 19 - Set buildver to 10 - Set rpmrelease to 1 - Update sources to openjdk-17.0.19+10.tar.xz - This tarball is embargoed...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router produced by TOTOLINK Corporation. The TOTOLINK A3300R version 17.0.0cu.557b20221024 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter “enable” in the file /cgi-bin/cstecgi.cgi, which may lead to...

GHSA-74RH-C5RH-88VG XWiki vulnerable to click-jacking through CSS injection in comments

Impact It's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. Patches The problem has been patched not by preventing injecting CSS in comments, which is currently a featur...

CVE-2024-34532

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module aka querydeluxe 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::getresultfromquery...

FreeBPX < 16.0.44 Authentication Bypass

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the...

java-17-openjdk security update

1:17.0.17.0.10-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:17.0.17.0.10-1 - Update to jdk-17.0.17+10 GA - Add to .gitignore openjdk-17.0.17+10.tar.xz - Set buildver to 10 - Set rpmrelease to 1, remove 'must start at 2' comment - Set isga to 1 - Update sources to openjdk-17.0.17+10.tar.xz...

EUVD-2025-5574

Malicious code in bioql PyPI...

GHSA-XJHF-7833-3PM5 Volto affected by possible DoS by invoking specific URL by anonymous user

Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...

CVE-2016-3425 vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

CVE-2020-14579 vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

GHSA-3G8V-2W9J-WWCX vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

GHSA-W522-FX29-439V vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

CVE-2011-3557 vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

CVE-2011-10021

Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler SEH. By crafting a...

CVE-2011-10021

Magix Musik Maker 16 is affected by a stack-based buffer overflow when processing .mmm files due to an unsafe strcpy() that fails to validate input length, allowing an attacker to overwrite the Structured Exception Handler (SEH). Exploitation is triggered by opening a crafted .mmm file and can le...