28 matches found
JLSEC-2026-89
Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions of Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...
CLEANSTART-2026-AV56399 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1
Multiple security vulnerabilities affect the gpu-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-TW35447 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1
Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RL67763 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 25.10.0-r1
Multiple security vulnerabilities affect the gpu-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-2914
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...
CVE-2025-66374
CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...
CVE-2025-66374
CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...
CVE-2025-66374
CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...
PT-2026-5953
Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager Agent versions through 25.10.0. Description: A local user can elevate privileges through policy elevation of an Administration task. This allows for privilege escalation. Recommendations: Update CyberArk Endpoi...
Astra Linux – Vulnerability in Poppler
Poppler is a library for rendering PDF files and examining or modifying their structure. A use-after-free vulnerability has been detected in versions of Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector; this can...
CVE-2025-12511 A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring DSM extension configuration modules allows Stored XSS to users with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...
CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...
LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability. CVSS: 4.3:...
GHSA-C89F-8G7G-59WJ LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability. CVSS: 4.3:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988622)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988622 advisory. Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions Poppler...
CVE-2025-62412
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...
CVE-2025-62411
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting XSS vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored a...
EUVD-2025-34819
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability...
CVE-2025-62412
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...
CVE-2025-62412
LibreNMS (Alerts > Alert Rules) is affected by an HTML injection vulnerability in the alert rule name field due to improper sanitization, enabling cross-site scripting (XSS). The issue is fixed in version 25.10.0. Remediation: upgrade to 25.10.0 or newer. Root cause notes across sources descri...