2769 matches found

RedhatCVE
added 2025/02/05 9:31 a.m., 7 views

CVE-2024-30250

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

CVSS 7.5, AI score 6.9, EPSS 0.0031
Exploits 0, References 1

RedhatCVE
added 2025/02/05 9:06 a.m., 8 views

CVE-2024-38521

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...

CVSS 8.8, AI score 6, EPSS 0.00425
Exploits 1

RedhatCVE
added 2025/02/05 8:38 a.m., 7 views

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVSS 9.6, AI score 6.9, EPSS 0.00615
Exploits 0, References 1

RedhatCVE
added 2025/02/05 7:34 a.m., 5 views

CVE-2024-23835

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the...

CVSS 7.5, AI score 6.6, EPSS 0.00927
Exploits 0, References 1

RedhatCVE
added 2025/02/05 4:53 a.m., 9 views

CVE-2024-10124

The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tpinstall function in all versions up to, and including, 1.1.1. This makes it possible for...

CVSS 9.8, AI score 7.8, EPSS 0.31217
Exploits 1, References 1

RedhatCVE
added 2025/02/05 1:02 a.m., 7 views

CVE-2024-28861

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in sfNamespacedParameterHolder class that would enable an attacker to get remot...

CVSS 9.8, AI score 7.8, EPSS 0.01534
Exploits 1, References 1

RedhatCVE
added 2025/02/05 12:36 a.m., 5 views

CVE-2024-37905

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...

CVSS 8.8, AI score 7.1, EPSS 0.00757
Exploits 0

Tenable Nessus
added 2025/02/05 12:00 a.m., 6 views

OpenLink Virtuoso < 7.2.14 DoS

The remote web server is affected by a denial of service vulnerability. An issue in the sqlcadddistinctnode component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5, AI score 7.5, EPSS 0.00722
Exploits 1, References 3

Cvelist
added 2025/02/04 7:36 p.m., 31 views

CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening, by Cross-site WebSocket hijacking (CSWSH) attacks. When the api option is enabled (Vitest UI enables it), Vitest starts a...

CVSS 9.6, EPSS 0.00629
Exploits 1, References 4

Cvelist
added 2025/02/04 12:22 p.m., 13 views

CVE-2024-13699 Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVSS 6.4, EPSS 0.00344
Exploits 0, References 6

CVE
added 2025/02/03 9:20 p.m., 67 views

CVE-2025-24371

CVE-2025-24371 affects CometBFT’s blocksync protocol. If a peer first reports a non-existent latest height X and then a lower Y (X>Y), a node may continually try to catch up and become blocked, potentially impacting availability. This is a networked, low-complexity issue with high impact on av...

CVSS 7.1, AI score 6.6, EPSS 0.00429
Exploits 0, References 3

NVD
added 2025/02/03 8:15 p.m., 34 views

CVE-2025-25064

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in...

CVSS 8.8, EPSS 0.34355
Exploits 0, References 3

CBLMariner
added 2025/01/31 4:07 p.m., 9 views

CVE-2023-29383 affecting package shadow-utils for versions less than 4.9-13

CVE-2023-29383 affecting package shadow-utils for versions less than 4.9-13. A patched version of the package is available...

CVSS 3.3, AI score 6.9, EPSS 0.00428
Exploits 1

Tenable Nessus
added 2025/01/28 12:00 a.m., 18 views

SUSE SLES15: kernel-livepatch-5_14_21-150400_24_103-default / etc (SUSE-SU-2025:0250-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0250-1 advisory. This update for the Linux Kernel 5.14.21-150400.24.103 fixes one issue. The following security issue was fixed: - CVE-2024-36971: Fixed __dst_negative_advice...

CVSS 7.8, AI score 7.2, EPSS 0.02701
Exploits 1, References 4

OSV
added 2025/01/27 1:03 p.m., 5 views

SUSE-SU-2025:0251-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400.24.111 fixes several issues. The following security issues were fixed: - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712). - CVE-2022-4895...

CVSS 7.8, AI score 8.5, EPSS 0.02701
Exploits 3, References 66

OSV
added 2025/01/27 12:04 p.m., 7 views

SUSE-SU-2025:0249-1 Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400.24.122 fixes several issues. The following security issues were fixed: - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712). - CVE-2022-4895...

CVSS 7.8, AI score 8.1, EPSS 0.02701
Exploits 2, References 36

CVE
added 2025/01/27 11:28 a.m., 61 views

CVE-2024-55931

CVE-2024-55931 affects Xerox Workplace Suite. It discloses that tokens are stored in sessionStorage, which could be exposed if a user’s session is compromised. The vulnerability’s impact includes Confidentiality loss (per CVSS: High; I/N/A: none). Root cause is storage of tokens in session st...

CVSS 6.5, AI score 7, EPSS 0.00344
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2025/01/22 12:00 a.m., 5 views

PT-2025-1613

Name of the Vulnerable Software and Affected Versions: Arm Cortex-A72, versions prior to r1p0; Arm Cortex-A73, affected versions not specified; Arm Cortex-A75, affected versions not specified. Description: The issue may allow an adversary to gain a weak form of control over the victim's branch history...

CVSS 5.1, AI score 6.5, EPSS 0.00165
Exploits 0, References 9

CBLMariner
added 2025/01/21 11:41 p.m., 5 views

CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4

CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4. A patched version of the package is available...

CVSS 5.3, AI score 7.3, EPSS 0.00856
Exploits 0

CVE
added 2025/01/21 3:27 p.m., 117 views

CVE-2025-24011

Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...

CVSS 5.3, AI score 5.3, EPSS 0.01451
Exploits 1, References 3, Affected Software 1