14 matches found
CVE-2026-22977 affecting package kernel for versions less than 5.15.200.1-1
CVE-2026-22977 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-39697 affecting package kernel for versions less than 5.15.200.1-1
CVE-2025-39697 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-68803 affecting package kernel for versions less than 6.6.121.1-1
CVE-2025-68803 affecting package kernel for versions less than 6.6.121.1-1. A patched version of the package is available...
AZL-76158 CVE-2025-69418 affecting package hvloader for versions less than 1.0.1-18
Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes of a message may be exposed...
CVE-2025-66453 affecting package rhino for versions less than 1.7.15.1-1
CVE-2025-66453 affecting package rhino for versions less than 1.7.15.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-40204 affecting package kernel for versions less than 6.6.117.1-1
CVE-2025-40204 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-40068 affecting package kernel for versions less than 6.6.112.1-2
CVE-2025-40068 affecting package kernel for versions less than 6.6.112.1-2. An upgraded version of the package is available that resolves this issue...
Summer Employee Portal SQL Injection
Summer Employee Portal versions prior to 3.98.0 suffer from an authenticated remote SQL injection vulnerability. Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677 Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author:...
WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Flozen versions 1.5.1...
AZL-75801 CVE-2024-34064 affecting package nodejs24 for versions less than 24.13.0-1
Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...
AZL-42175 CVE-2024-26952 affecting package kernel for versions less than 6.6.35.1-4
In the Linux kernel, the following vulnerability has been resolved: "ksmbd: fix potential out-of-bounds when buffer offset is invalid". I found potential out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to...
AZL-34739 CVE-2024-0553 affecting package gnutls for versions less than 3.8.3-1
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
AZL-26170 CVE-2023-1990 affecting package kernel for versions less than 5.15.107.1-2
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem...
CVE-2022-23674
A remote authenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...