PT-2025-52899
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bpf_skb_check_mtu helper in the Linux kernel does not properly validate skb->transport_header, potentially leading to issues when the BPF_MTU_CHK_SEGS flag is used. Specifically,...
CVE-2025-14091 TrippWasTaken PHP-Guitar-Shop Product Details product.php sql injection
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...
EUVD-2025-201422
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990403)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990403 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete helper is no...
EUVD-2016-6901
Malware in sbrugna...
CVE-2024-8410
A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otrossitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been...
CVE-2024-42106 inet_diag: Initialize pad field in struct inet_diag_req_v2
In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup 1. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the...
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Qualys Jenkins Plugin for WAS, versions prior to and including 2.0.11, was identified to be affected by a security flaw: a missing permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize t...
CVE-2023-6149
Qualys Jenkins Plugin for WAS, versions prior to and including 2.0.11, was identified to be affected by a security flaw: a missing permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize t...
CVE-2023-6149
Qualys Jenkins Plugin for WAS (versions prior to and including 2.0.11) is affected by a privilege-check flaw during the connectivity check to Qualys Cloud Services. This lack of permission checking allows any user with login access to configure or edit jobs to route or modify requests to a rogue ...
was-zum-kuckuck.de Improper Access Control vulnerability OBB-3820575
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm
Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...
OpenCMS Unauthenticated XXE Vulnerability (CVE-2023-42344)
OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0. About CVE-2023-42344 CVE-2023-42344 is a critical vulnerability where users can execute code...
Qualys API Best Practices: Web Application Scanning API
This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...
Building an AppSec Program with Qualys WAS – Introduction
Part 1 - Introduction and Configuring a Web Application or API: Basic Information Welcome to our introductory series of blogs where we will take you step-by-step through your application security journey with Qualys Web Application Scanning (WAS) to build and deploy secure web applications and APIs...
Qualys Named a Market Leader in GigaOm Radar Report for Application Security Testing
Qualys Web Application Scanning (WAS) has been named a leader in the GigaOm Radar Report for Application Security Testing, 2023. Web app security is critical for every organization, for attacks on this vector caused 25% of breaches, according to the Verizon 2023 Data Breach Investigations Report. T...
wtms-pdtklg.selangor.gov.my Cross Site Scripting vulnerability OBB-3308590
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2023. IBM 8 SR7 FP20 1.8.0351. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION:...
SUSE CVE-2020-11113
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to spoofing attacks due to WAS Liberty (CVE-2018-25031, CVE-2021-46708)
Summary IBM Sterling Partner Engagement Manager has addressed all vulnerabilities published by WAS liberty below. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, a...