SUSE SLES12 Security Update : clamav (SUSE-SU-2026:1324-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1324-1 advisory. Update to clamav 1.5.2: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service...

sb-poc-web

StackBill Deployer Web-based deployment portal for StackBill...

Release Information for Dell SC Series Plug-In for Veeam Backup & Replication

This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing Dell SC Series Plug-In v1.0.211, ensure that you are running Veeam Backup & Replication...

EUVD-2019-3615

Malware in sbrugna...

EUVD-2023-36450

Malicious code in bioql PyPI...

EUVD-2025-12983

Malicious code in bioql PyPI...

GHSA-4XH5-X5GV-QWPH pip's fallback tar extraction doesn't check symbolic links point to extraction directory

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

AZL-64520 CVE-2025-38173 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0...

Improper Neutralization of Special Elements Used in a Template Engine

Overview pyspur is a PySpur is a Graph UI for building AI Agents in Python Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the SingleLLMCallNode function. An attacker can execute unauthorized template code and potential...

CVE-2022-49804

In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for currentstackpointer Commit 30de14b1884b "s390: currentstackpointer shouldn't be a function" made currentstackpointer a global register variable like on many other architectures. Unfortunately...

CVE-2022-49804 s390: avoid using global register for current_stack_pointer

In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for currentstackpointer Commit 30de14b1884b "s390: currentstackpointer shouldn't be a function" made currentstackpointer a global register variable like on many other architectures. Unfortunately...

Sonos Speakers S1 App < 11.15.1, S2 App < 16.6 Multiple RCE Vulnerabilities (SSA-2024-0002)

Sonos speakers are prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

Microsoft Edge (Chromium-Based) < 134.0.3124.66 RCE Vulnerability (Mar 2025)

Microsoft Edge Chromium-Based is prone to a remote code execution RCE vulnerability SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-21669 affecting package kernel for versions less than 6.6.76.1-1

CVE-2025-21669 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...

Azure Linux 3.0 Security Update: postgresql (CVE-2024-4317)

The version of postgresql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4317 advisory. - Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged...

WordPress ProfilePress Plugin < 3.2.16 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

Google Chrome Security Update (stable-channel-update-for-desktop_28-2025-01) - Linux

Google Chrome is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

Exploit for Path Traversal in Iptanus Wordpress_File_Upload

CVE-2024-9047: Exploit for WordPress File Upload Plugin De...

Google Chrome < 131.0.6778.264 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 131.0.6778.264. It is, therefore, affected by a vulnerability as referenced in the 202501stable-channel-update-for-desktop advisory. - Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote...

PT-2025-39265

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description An issue exists in pip where it may not properly check symbolic links when extracting tar archives if the tarfile module does not implement PEP 706. This can occur when using Python versions that...