Lucene search

2744 matches found

Tenable Nessus
added 2025/08/05 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-47148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from...

CVSS 7.8, AI score 6, EPSS 0.00022
Exploits: 0, References: 2

CVE
added 2025/08/04 11:32 p.m., 56 views

CVE-2025-8534

CVE-2025-8534 affects libtiff 4.6.0, specifically PS_Lvl2page in tools/tiff2ps.c (tiff2ps). The vulnerability yields a null pointer dereference and can be triggered locally; attack complexity is high, but exploitation has been disclosed. A patch exists (6ba36f159fd396ad11bf6b7874554197736ecc8b) a...

CVSS 2.5, AI score 3.8, EPSS 0.0013
Exploits: 1, References: 8, Affected Software: 1

Vulnrichment
added 2025/08/04 5:32 p.m., 4 views

CVE-2025-8519 givanz Vvveb Drag-and-Drop Editor editor information disclosure

A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure. It is possible to...

CVSS 5.1, AI score 6.8, EPSS 0.00298
Exploits: 1, References: 6

OSV
added 2025/08/04 3:12 p.m., 3 views

GHSA-VF2R-CXG9-P7RF The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...

CVSS 10, AI score 7.2, EPSS 0.00474
Exploits: 0, References: 6

Tenable Nessus
added 2025/08/04 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-27390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past commit...

CVSS 5.5, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/04 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-5991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a Use After Free vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected ...

CVSS 2.1, AI score 5.8, EPSS 0.00084
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/04 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-19043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a...

CVSS 5.5, AI score 6.5, EPSS 0.0012
Exploits: 0, References: 2

Vulnrichment
added 2025/08/01 5:38 p.m., 4 views

CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

CVSS 7.2, AI score 6.8, EPSS 0.00158
Exploits: 0, References: 1

Vulnrichment
added 2025/07/31 8:13 p.m., 3 views

CVE-2025-48071 OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

CVSS 8.4, AI score 7, EPSS 0.00111
Exploits: 1, References: 3

OSV
added 2025/07/30 8:1 p.m., 3 views

CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

CVSS 7, AI score 6.6, EPSS 0.00227
Exploits: 1, References: 6

Patchstack
added 2025/07/30 3:1 p.m., 7 views

WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions <= 3.7.1.2...

CVSS 6.5, AI score 6, EPSS 0.00143
Exploits: 0, Affected Software: 1

OSV
added 2025/07/29 1:38 p.m., 4 views

RLSA-2025:12006 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

CVSS 8.8, AI score 9.8, EPSS 0.18438
Exploits: 4, References: 3

OSV
added 2025/07/28 6:42 p.m., 4 views

PSF-2025-11

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5, AI score 7.1, EPSS 0.01007
Exploits: 0, References: 11

Positive Technologies
added 2025/07/28 12:0 a.m., 7 views

PT-2025-31145

Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified). Description: A defect exists in the CPython “tarfile” module, impacting the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets...

CVSS 9.4, AI score 7, EPSS 0.01012
Exploits: 18, References: 215

Patchstack
added 2025/07/28 12:0 a.m., 5 views

WordPress Bricks Builder Theme <= 1.12.4 is vulnerable to SQL Injection

Software: Bricks Builder; Type: Theme; Vulnerable versions: <= 1.12.4; Fixed in: 2.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2025-6495; Patch priority: High; CVSS severity: High (9.3); PSID: a75c4498f744; Credits: Jamie Burchell; Required privilege: Unauthenticated...

CVSS 7.5, AI score 6.5, EPSS 0.00344
Exploits: 0, References: 2, Affected Software: 1

OPENSUSE Linux
added 2025/07/26 12:0 a.m., 3 views

python311-starlette-0.47.2-1.1 on GA media (moderate)

python311-starlette-0.47.2-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15381-1; Rating: moderate; Cross-References: CVE-2025-54121; CVSS scores: CVE-2025-54121 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVE-2025-54121 (SUSE): 6.9...

CVSS 6.9, AI score 7.3, EPSS 0.0025
Exploits: 0

OSV
added 2025/07/24 6:1 a.m., 2 views

BELL-CVE-2025-54090

Bulletin has no description...

CVSS 6.3, AI score 6, EPSS 0.00763
Exploits: 0, References: 1

Cvelist
added 2025/07/22 3:32 a.m., 10 views

CVE-2025-7953 Sanluan PublicCMS viewer.html redirect

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open...

CVSS 5.1, EPSS 0.00206
Exploits: 1, References: 5

Vulnrichment
added 2025/07/22 1:32 a.m., 3 views

CVE-2025-7949 Sanluan PublicCMS preview.html redirect

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url lead...

CVSS 5.1, AI score 4, EPSS 0.00209
Exploits: 1, References: 5

Oracle linux
added 2025/07/22 12:0 a.m., 8 views

redis security update

6.2.19-1 - rebase to 6.2.19 for CVE-2025-32023 and CVE-2025-48367; 6.2.18-1 - rebase to 6.2.18 for CVE-2025-21605; 6.2.17-1 - rebase to 6.2.17 for CVE-2024-46981; 6.2.16-1 - rebase to 6.2.16 RHEL-26627...

CVSS 7.5, AI score 7.3, EPSS 0.80733
Exploits: 6