INFOSEC – USERSPACE.ORG :

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://sso.redhat.com/auth/realms/redhat-external/protocol/saml?SAMLRequest=fZJBT8MwDIX%2FSm85ZWk7yrZonVQxIU0ChDbgwAVlqccipUmJXTb49aQbg3Hh6jy%2F79nOFFVjW1l1tHVLeOsAKakQIZDx7so77BoIKwjvRsPj8qZkW6IWpRBKa0AcBKi3igbaN6L2O2e9qlH0nmJjnLLmE1hSEQWz7giOfsa9fhsuXA37kmUsmUdu1PfQXwSiP%2FdXMaMIoGyD4ljmsCcIESPa4Mlrbw9olizmJXvJ9WgMWmV8qMcTfpGNUq7WxZCvVTEe5dmoUJebKEXsYhAk5ahkeZoXPL3g6eQhHcqikGn2zJInCHhIlg9Sluwb61D2oJJ1wUmv0KB0qgGUpOWqur2RUSjVaY3nLe3%2FPac52Gzaq%2BUhXZh1zmwM1PxnxVNx%2Fjw9HvEu2i3m994a%2FZFU1vrdVVwXQckodPEO1z40iv4P0FdMzTcHqWz7wZHAEROzI%2FPvX5l9AQ%3D%3D&RelayState=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=BrJPc%2FvdbvszAnFEmxMHTWhWO5IJXnU8CNik001PBsM04yezeCS%2B0pETxgMIupFPsrxTbmD1oepOHhERcPL4Byk1qKkm6TtFvfXm74lB8Pui6rdjg%2B8IwVmrenuF4Ph3LD4ZnDeuNW3YO4dDbN5Q4%2F89FIjEkeGKeLLar10vtkiy8GweKEe8cuja3717pxNrVTOi8ckfBHwomdUD8Xw1IE6M1qHI4u6pOMtxqpKQPu%2FZzsAgrME854P7NQqtGaZRI3eqZlBRVyG2FYrR7KFC6QtA%2FdVCYBxBWG4JdxZhXmbM%2Fc%2Bn%2B04WEKPpbhH12qa7URkjktnYMsJNcVF7rtYtn1D6gCyPnuXrwe7qcV0MgnrfuqmW4FoGsGrjhFdp7Eebe40wh78VaLxxAxO9hR%2BrYRDgNjvtewICpUbzYQUm6jzVk3i%2FYjt5Pmr9HesI1zvaI80Jmpgud1snf1z7VWoIqnAXwIZyLlo%2BxyFZs4qDUBgFr9tqrgbnGjBgTzdyJTItq7yFMVJDCt6dy5LjnMgKSMd%2BjjsoDBjssytWMM4ulzlyQHtn4IdVgCe4q4jgLQrHXf4ZucbUIA6q%2Fxgg7favSO%2FZaivTQq%2BoaQQKJ1NXxPiMXw6j354mdaEtz8jK549xaCEZi2OiF3l8Qrzc%2B7JikRXQ8wlX1gh8SbiNHfo6ZcE%3D 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

OS: Mageia

Mageia 9 Python-Django Critical SQL Injection DoS MGASA-2026-0032

MGASA-2026-0032 - Updated python-django packages fix security vulnerabilities

Mageia 9 yt-dlp Bug Fix Update MGAA-2026-0011 Released Today

MGAA-2026-0011 - Updated yt-dlp packages fix bugs

Mageia 9 libformula 2026-0010 Fixes LibreOffice Formatting Issue

MGAA-2026-0010 - Updated libformula & ant-contrib packages fix bug

Mageia 9 Expat Important Buffer Overflow Vulnerability MGASA-2026-0031

MGASA-2026-0031 - Updated expat packages fix security vulnerabilities

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

CVEMAP.ORG: Vulnerabilities & Exposures

Low CVE-2023-0687: GNU Glibc
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability.

Low CVE-2020-36660: Eve ship replacement program project Eve ship replacement program
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.

Medium CVE-2022-36728: Library management system project Library management system
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.

Low CVE-2021-30071: Hestiacp Hestiacp
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

OS: Gentoo

Gentoo Commons-BeanUtils High Risk Arbitrary Code Exec GLSA 202601-05

A vulnerability has been discovered in Commons-BeanUtils, which can lead to execution of arbitrary code.

Gentoo Asterisk High Code Execution Risks GLSA-202601-04

Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.

Gentoo GIMP High Arbitrary Code Execution GLSA-202601-03 CVE-2025-10934

A vulnerability has been discovered in GIMP, which can lead to execution of arbitrary code.

Gentoo Vim High Multiple Execution Threat GLSA-202601-02 CVE-2025-53905

Multiple vulnerabilities have been discovered in Vim and gVim, the worst of which could lead to execution of arbitrary code.

OS: Debian

Debian Chromium Critical Code Exec DoS Info Disclosure DSA-6122-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 144.0.7559.109-2~deb12u1.

Debian DSA-6121-1 Tomcat11 Important Denial of Service Vulnerabilities

Several security vulnerabilities have been found in Tomcat 11, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. For the stable distribution (trixie), these problems have been fixed in

Debian DSA-6120-1 Tomcat10 Serious Vulnerabilities Resource Depletion DoS

Several security vulnerabilities have been found in Tomcat 10, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. For the oldstable distribution (bookworm), these problems have been fixed

Debian Trixie OpenJDK Important Man-in-the-Middle Attacks DSA-6119-1

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect certificate validation, CRLF injection or man-in-the-middle attacks. For the stable distribution (trixie), these problems have been fixed in version 25.0.2+10-1~deb13u2. This version of OpenJDK now also requires

OS: OpenSuse

openSUSE kubernetes-legacy Vital Security Patch SUSE-SU-2026-0399-2

An update that can now be installed.

openSUSE Leap 16.0 python-maturin Moderate Log Pollution Vuln 2026-20180-1

An update that solves one vulnerability and has one bug fix can now be installed.

Fedora 39 libxml3 Important Security Warning 2040-40951-6

An update that solves one vulnerability and has one bug fix can now be installed.

openSUSE Tumbleweed python311-archive Critical Risk Advisory Notice

An update that solves one vulnerability can now be installed.

OS: Fedora

Fedora 42 openQA Update for lodash Important Protection CVE-2025-13465

This update bumps the bundled lodash to 4.17.23 to ensure openQA is protected against CVE-2025-13465. It likely was not vulnerable in any case, though, as I don't believe the vulnerable codepaths were exposed by openQA's use of lodash.

Fedora 42 yarnpkg Critical Prototype Pollution Fix FEDORA-2026-2809f801f3

Regenerate vendor tarball. Fixes CVE-2025-13465.

Fedora 42 pgAdmin 4 CVE-2025-13465 Severe Prototype Pollution Fix

Regenerate vendor tarball. Fixes CVE-2025-13465.

Fedora 42 Security Advisory for PHPUnit 12.5.8 - CVE-2026-24765 Risk

Version 12.5.8 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Exploit-DB.com

[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
Docker Desktop 4.44.3 - Unauthenticated API Exposure

[webapps] aiohttp 3.9.1 - directory traversal PoC
aiohttp 3.9.1 - directory traversal PoC

[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

OS: Arch

Fedora: 203105-8 moderate: ruby-on-rails sql injection vulnerability

The package python-django before version 5.1.11-1 is vulnerable to content spoofing.

Ubuntu: 303103-1 medium: gnome-terminal privilege escalation

The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution.

ArchLinux: ASA-202506-4 medium risk of go certificate bypass issue

The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure.

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.

OS: Suse

SUSE openSUSE Important Kubernetes-Old Security Risk 2026-0399-1

# Security update for kubernetes-old Announcement ID: SUSE-SU-2026:0399-1 Release Date: 2026-02-06T12:06:43Z Rating: important References:

SUSE Linux Enterprise Server 12 SP5 SQLite3 Moderate Update CVE-2025-7709

An update that solves one vulnerability and has one security fix can now be installed.

SUSE Cockpit Virtualization Significant Security Patch CVE-2025-13466

An update that solves one vulnerability can now be installed.

SUSE Linux Micro 5.2 Advisory 2026-0397-1 Cockpit-Machines Important Update

An update that solves one vulnerability can now be installed.

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

OS: Slackware

Slackware 15.0 p11-kit Moderate RPC Null Dereference 2026-037-01

New p11-kit packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0 expat Critical DoS Buffer Overflow Vuln 2026-031-01

New expat packages are available for Slackware 15.0 and -current to fix security issues.

Slackware 15.0 Mozilla-Firefox Critical Security Update 2026-028-01

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Slackware: bind Critical DoS Issue CVE-2025-13878 2026-021-01

New bind packages are available for Slackware 15.0 and -current to fix security issues.

OS: Ubuntu

Ubuntu 24.04 LTS Kernel Critical FIPS Flaw Patch USN-8015-3

Several security issues were fixed in the Linux kernel.

Ubuntu 25.10 Tracker-Miners Important Denial of Service USN-8019-1

tracker-miners could be made to crash or run programs as your login if it opened a specially crafted file.

Ubuntu 25.10 GLib Critical Denial of Service Arbitrary Code 2026-1484

Several security issues were fixed in GLib.

Ubuntu 25.10 Python Security Fixes for Critical Issues 2025-11468

Several security issues were fixed in Python.

OS: Debian LTS

Debian 11 LTS DLA-4472-1 Sudo Important Log Issue CVE-2023-28486

Sudo, a program designed to allow a sysadmin to give limited root privileges to users and log root activity, was affected by multiple vulnerabilities. CVE-2023-28486 Sudo did not escape control characters in log messages.

Debian 11 Bullseye DLA-4471-1 debian-security-support Update Notification

Debian 11 phpunit Remote Code Execution Risk DLA-4470-1 CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the `cleanupForCoverage()` method, which deserializes code coverage files without validation, potentially allowing remote code execution if

Debian 11 alsa-lib Important Buffer Overflow Fix DLA-4469-1 CVE-2026-25068

A buffer overflow in the alsa-lib package can lead to a crash when a topology file (.tplg) has an excessive num_channels value. The alsa-lib package contains libraries and tools to interface with ALSA, the Advanced Linux Sound Architecture. For Debian 11 bullseye, this problem has been fixed in version