
95 matches found

Nuclei
added yesterday, 8 views

ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users. Exploitation requires no authentication. id:...

5.3 CVSS, 5.8 AI score, 0.00981 EPSS
Exploits 1, References 3
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in docker.io-app

BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to...

9.8 CVSS, 6.9 AI score, 0.10301 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/02 12:5 a.m., 1 view

CVE-2025-61594

A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers (URIs). This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials (passwords), from the original URI...

6.9 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits 0, References 8
SUSE CVE
added 2026/01/01 12:24 a.m., 2 views

SUSE CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series), 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like...

7.5 CVSS, 7.2 AI score, 0.00009 EPSS
Exploits 0, References 4
OSV
added 2025/12/30 9:15 p.m., 0 views

AZL-73356 CVE-2025-61594 affecting package ruby for versions less than 3.3.5-7

URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the + operator to combine URIs, sensitive information like passwords from the origin...

7.5 CVSS, 7.3 AI score, 0.00009 EPSS
Exploits 0, References 1
NVD
added 2025/12/30 9:15 p.m., 2 views

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series), 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like...

7.5 CVSS, 0.00009 EPSS
Exploits 0, References 4
OSV
added 2025/12/30 9:15 p.m., 1 view

UBUNTU-CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series), 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like...

7.5 CVSS, 5.7 AI score, 0.00009 EPSS
Exploits 0, References 8
UbuntuCve
added 2025/12/30 9:15 p.m., 3 views

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series), 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like...

7.5 CVSS, 5.7 AI score, 0.00009 EPSS
Exploits 0, References 7
OSV
added 2025/12/30 9:3 p.m., 1 view

CVE-2025-61594 URI Credential Leakage Bypass over CVE-2025-27221

URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the + operator to combine URIs, sensitive information like passwords from the origin...

6.9 CVSS, 6.5 AI score, 0.00009 EPSS
Exploits 0, References 9
CVE
added 2025/12/30 9:3 p.m., 36 views

CVE-2025-61594

The CVE concerns the URI Ruby module. In versions ≤0.12.4 (Ruby 3.2), ≤0.13.2 (Ruby 3.3), and ≤1.0.3 (Ruby 3.4), using the + operator to join URIs could leak passwords from the original URI, bypassing a prior fix for CVE-2025-27221 and exposing credentials. Mitigations are available in fixed rele...

7.5 CVSS, 6.5 AI score, 0.00009 EPSS
Exploits 0, References 4, Affected Software 1
AlpineLinux
added 2025/12/30 9:3 p.m., 3 views

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series), 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like...

7.5 CVSS, 6.3 AI score, 0.00009 EPSS
Exploits 0
OSV
added 2025/11/05 5:15 p.m., 2 views

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

5.3 CVSS, 6.9 AI score
Exploits 0, References 4
Vulnrichment
added 2025/11/05 12:0 a.m., 1 view

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

6.6 AI score, 0.00981 EPSS
Exploits 1, References 4
CNNVD
added 2025/11/05 12:0 a.m., 6 views

guests security vulnerability

guests is a file sharing program open-sourced by ownCloud. A security vulnerability exists in guests prior to version 0.12.5, which stems from insufficient token validation in showPasswordForm and could lead to unauthenticated user enumeration...

5.3 CVSS, 6.7 AI score, 0.00981 EPSS
Exploits 1, References 4
Positive Technologies
added 2025/11/05 12:0 a.m., 4 views

PT-2025-45141

Name of the Vulnerable Software and Affected Versions: ownCloud Guests versions prior to 0.12.5. Description: The application allows unauthenticated user enumeration through the /apps/guests/register/email/token API endpoint. Insufficient validation of the supplied token within the showPasswordForm...

5.3 CVSS, 6.7 AI score, 0.00981 EPSS
Exploits 1, References 9
Cvelist
added 2025/11/05 12:0 a.m., 4 views

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

0.00981 EPSS
Exploits 1, References 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-1366

Malicious code in bioql PyPI...

5.3 CVSS, 5.6 AI score, 0.11691 EPSS
Exploits 1, References 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1432

Malicious code in bioql PyPI...

9.1 CVSS, 8.1 AI score, 0.01001 EPSS
Exploits 1, References 6
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-0884

Malicious code in bioql PyPI...

9.1 CVSS, 9 AI score, 0.00306 EPSS
Exploits 0, References 6
Tenable Nessus
added 2025/09/03 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-27195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixe...

9.1 CVSS, 8.1 AI score, 0.00306 EPSS
Exploits 0, References 2