Hackers Claim Breach of Hewlett Packard Enterprise, Lists Data for Sale

Hacker IntelBroker claims to have breached Hewlett Packard Enterprise HPE, exposing sensitive data like source code, certificates, and…...

ROS-20250117-04

Visual Studio Code source code editor vulnerability is related to failure to take measures to neutralize the special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2024-52005

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

CVE-2024-52005 The sideband payload is passed unfiltered to the terminal in git

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

BIT-PHP-MIN-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2025-1039)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2025-1056)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-1006)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-1023)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

Unauthorized Source Code Disclosure

astro is vulnerable to unauthorized source code disclosure. The vulnerability is due to the inclusion of sourcemap files in publicly accessible folders during the build process, allowing unauthenticated users to access server source code via HTTP GET requests...

CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

CVE-2024-56159

Astro CVE-2024-56159 describes an information-disclosure vulnerability where sourcemap files for server code are published publicly during build, enabling unauthenticated access to server source. Affected: server-output (SSR) projects on Astro 5.x from 5.0.3–5.0.7 with sourcemaps enabled; fix rel...

CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

Astro's server source code is exposed to the public if sourcemaps are enabled

Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2937)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2952)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2968)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

CVE-2024-53260

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

CVE-2024-53260

CVE-2024-53260 concerns Autolab, a course management service. A vulnerability allows a user to inject a CSV-formula via their first/last name; when an instructor downloads and opens a roster, the injected formula is evaluated, potentially leaking student information to a remote endpoint. Technica...