PHP 8.2.x < 8.2.28 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.1.x < 8.1.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.4.x < 8.4.5 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.32-i586-1slack15.0.txz: Upgraded. This update fixes security issues: LibXML: libxml streams use wrong content-type header when...

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: Security issues fixed: CVE-2024-45339: Fixed vulnerability when creating log files bsc1236559 CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration bsc1236734 CVE-2025-21613: Remove...

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: Security issues fixed: CVE-2024-45339: Fixed vulnerability when creating log files bsc1236559 CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration bsc1236734 CVE-2025-21613: Remove...

WordPress flickr-slideshow-wrapper Plugin <= 5.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin flickr-slideshow-wrapper versions = 5.4.6...

SUSE CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Do not query the device’s logical block size multiple times. The block sizes of devices may change. One such case is when a loop device is used, through the ioctl LOOPSETBLOCKSIZE function. While this may cause other...

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center ASEC. The attacks commence with phishing emails...

CVE-2022-36024

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVE-2022-2442

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

CVE-2022-2433

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

mariadb:10.11 security update

galera 26.4.20-1.0.1 - Drop nmap-ncat requirement. Orabug: 34116228 - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Orabug: 34116228 26.4.20-1 - Rebase to 26.4.20 26.4.19-1 - Rebase to 26.4.19 26.4.18-1 - Rebase to 26.4.18 mariadb 3:10.11.10-1 - Rebase ...

traceroute: improper command line parsing

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines...

CVE-2024-57922 drm/amd/display: Add check for granularity in dml ceil/floor helpers

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers Why Wrapper functions for dcnbwceil2 and dcnbwfloor2 should check for granularity is non zero to avoid assert and divide-by-zero error in dcnbw functions. How A...

PT-2025-11345

Name of the Vulnerable Software and Affected Versions: PHP versions up to 8.1.31 PHP versions up to 8.2.27 PHP versions up to 8.3.18 PHP versions up to 8.4.4 php7.4 Description: The issue concerns the Streams HTTP Wrapper in PHP. Recommendations: For PHP versions up to 8.1.31, update to a version...

Malicious code in python-bitget-wrapper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 769187e87797e69e9ebfc00eb97274a91fea1c86b1472b4ef6436441f737c8b9 Importing the module starts an obfuscated PowerShell code, which downloads and executes a remote script. On Windows, the script appears to just start the...