DNN: Same HostGUID For All New Installs
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
UBUNTU-CVE-2026-34500
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
org.bedework.deploy:bw-wf-feature-pack (>=4.1.0 <=5.0.0), org.bedework.deploy:bw-wf-keycloak-saml-filter-feature-pack (>=4.0.3 <=5.0.0) +39 more potentially affected by CVE-2026-2092 via org.keycloak:keycloak-saml-adapter-core (>=10.0.0 <=26.2.1)
org.keycloak:keycloak-saml-adapter-core MAVEN version =10.0.0, =4.1.0, =4.0.3, =21.1.0, =10.0.0, =10.0.0, =11.0.0, =21.1.0, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =10.0.0, =10.0.0, =18.0.2 and more Source cves: CVE-2026-2092 Source advisory:...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +170 more potentially affected by CVE-2026-1035 via org.keycloak:keycloak-services (>=10.0.0 <=26.2.5)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.0.1, =1.0.2 and more Source cves: CVE-2026-1035 Source advisory: OSV:GHSA-M2W5-7XHV-W6FH...
CVE-2025-48768
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fsinoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger that is disabled by default, NULL pointer dereference handled differently depending on the targ...
EUVD-2019-6059
Malware in sbrugna...
EUVD-2025-25460
Malicious code in bioql PyPI...
EUVD-2023-26061
Malicious code in bioql PyPI...
EUVD-2022-27093
Malicious code in bioql PyPI...
BIT-NIFI-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality...
CVE-2025-6465
Mattermost Server is affected by CVE-2025-6465 due to failure to sanitize file names in file streaming APIs, enabling path-traversal to overwrite attachment thumbnails by users with file upload permission. Affected versions include Mattermost Server 10.8.x up to 10.8.3, 10.5.x up to 10.5.8, 10.10...
Umbraco CMS disclosure of configured password requirements
Impact: Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user's password...
com.github.vzakharchenko:chillispot-radius-plugin (>=1.3.2 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.3.2 <=1.4.11) +34 more potentially affected by CVE-2025-0604 via org.keycloak:keycloak-ldap-federation (>=10.0.0 <=26.0.1)
org.keycloak:keycloak-ldap-federation MAVEN version =10.0.0, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =1.3.2, =2.5.6-24.0, =0.1.0, =0.2, =1.0.0, =1.1.0 and more Source cves: CVE-2025-0604 Source advisory: OSV:GHSA-2P82-5WWR-43CW...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.4.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1097 more potentially affected by CVE-2024-10039 via org.keycloak:keycloak-core (>=10.0.0 <=26.0.5)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.10.5-experimental and more Source cves: CVE-2024-10039 Source advisory: OSV:GHSA-93WW-43RR-79V3...
PT-2024-7169 · Vercel · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7. Description: The issue is related to the image optimization feature in Next.js, which contains a vulnerability allowing for a potential Denial of Service (DoS) condition that could lead t...
Microsoft Windows Error Reporting Security Vulnerability
Microsoft Windows Error Reporting (WER) is a component of Microsoft Corporation (USA). It enables users to notify Microsoft of application failures, kernel failures, unresponsive applications, and other application-specific problems. A security vulnerability exists in Microsoft Windows Error Reportin...
CVE-2023-21985
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
SUSE CVE-2021-36978
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails...
CVE-2022-20484
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Hitachi Energy MicroSCADA X SYS600 Buffer Error Vulnerability
Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. A buffer error vulnerability exists in Hitachi Energy...