Operations

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: wget — multiple HTTP client download filename vulnerability Related CVEs: CVE-2004-1487 CVE-2004-1488 CVE-2010-2252 Upstream summary: GNU Wget version 1.12 and earlier uses a server-provided filename instead of the original URL […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Spotipy — Spotipy's cache file, containing spotify auth token, is created with overly broad permissions Related CVEs: CVE-2023-23608 CVE-2025-27154 Upstream summary: [email protected] reports: Spotipy is a lightweight Python library for […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: liboqs — Secret-dependent branching in HQC Related CVEs: CVE-2024-54137 CVE-2025-52473 Upstream summary: The OpenQuantumSafe project reports: Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Jinja2 — Sandbox breakout through attr filter selecting format method Related CVEs: CVE-2024-34064 CVE-2025-27516 Upstream summary: [email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Jinja2 — Sandbox breakout through attr filter selecting format method Related CVEs: CVE-2024-34064 CVE-2025-27516 Upstream summary: [email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-social-auth-app-django — Unsafe account association Related CVEs: CVE-2024-32879 CVE-2025-61783 Upstream summary: Michal Čihař reports: Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Pligg CMS — XSS Vulnerability Related CVEs: CVE-2009-4786 CVE-2009-4787 CVE-2009-4788 Upstream summary: Netsparker reports: Proof of Concept URL for XSS in Pligg CMS: Page: groups.php Parameter Name: keyword Parameter Type: […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: awstats — arbitrary commands execution vulnerability Related CVEs: CVE-2008-3714 CVE-2008-5080 CVE-2010-4367 Upstream summary: Awstats change log reports: Security fix (Traverse directory of LoadPlugin) Security fix (Limit config to defined directory […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: rubygem-mail — multiple vulnerabilities Related CVEs: CVE-2011-0739 CVE-2012-2139 CVE-2012-2140 Upstream summary: rubygem-mail — multiple vulnerabilities Two issues were fixed. They are a file system traversal in file_delivery method and arbitrary […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: SQLite — Integer Overflow vulnerability Related CVEs: CVE-2025-29088 CVE-2025-52099 Upstream summary: http://sqlite3.com reports: Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service […]