23 matches found
EUVD-2025-198271
@perfood/couch-auth may expose session tokens, passwords...
CouchAuth Security Vulnerability
CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...
EUVD-2016-2682
Malware in sbrugna...
OPENSUSE-SU-2025:15550-1 cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media
These are all security issues fixed in the cargo-audit-0.21.2~git0.18e58c2-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-29032
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code...
CouchAuth has a Server-Side Template Injection vulnerability in its email functionality
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger an SSTI which can be leveraged to run limited commands or leak server-side information...
PT-2025-6098 · Perfood · Couch-Auth
Name of the Vulnerable Software and Affected Versions: perfood/couch-auth versions = 0.21.2 Description: A host header injection vulnerability exists in the NPM package of perfood/couch-auth. By sending a specially crafted host header in the email change confirmation request, it is possible to...
zhmc-prometheus-exporter (=0.6.1), zhmccli (=0.21.2) potentially affected by CVE-2024-53865 via zhmcclient (=0.30.2)
zhmcclient PYPI version =0.30.2 is affected by a known vulnerability. The following packages have a transitive dependency on zhmcclient and may be impacted: - zhmc-prometheus-exporter =0.6.1 - zhmccli =0.21.2 Source cves: CVE-2024-53865 Source advisory: OSV:GHSA-P57H-3CMC-XPJQ...
CVE-2024-29032
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code...
CVE-2024-29032 `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code...
PT-2024-22685 · Ibm · Qiskit Ibm Runtime
Name of the Vulnerable Software and Affected Versions: Qiskit IBM Runtime versions 0.1.0 through 0.21.1 Description: The issue concerns the deserialization of JSON data using `qiskit_ibm_runtime.RuntimeDecoder`, which can lead to arbitrary code execution given a correctly formatted input string. Th...
CVE-2024-25767
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c...
PT-2024-21132 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: nanomq version 0.21.2 Description: The issue is a Use-After-Free vulnerability located in /nanomq/nng/src/core/socket.c. Recommendations: For nanomq version 0.21.2, at the moment, there is no information about a newer version that contains a...
CVE-2024-25767
CVE-2024-25767 affects nanomq 0.21.2. The vulnerability is a Use-After-Free in the file /nanomq/nng/src/core/socket.c. It is described in multiple sources (NVD/Red Hat/CVE lists) with a Medium base score (CVSS 3.1: 6.5) and a Network attack vector with low attack complexity, no privileges, and no...
NanoMQ Security Vulnerabilities
NanoMQ is a lightweight and fast MQTT broker for IoT edge platforms, open-sourced by EMQ Technologies. A security vulnerability exists in NanoMQ version 0.21.2, which stems from a use-after-free vulnerability in the /nanomq/nng/src/core/socket.c file...
[ASA-202112-12] grafana-agent: information disclosure
Arch Linux Security Advisory ASA-202112-12. Severity: High; Date: 2021-12-11; CVE-ID: CVE-2021-41090; Package: grafana-agent; Type: information disclosure; Remote: Yes; Link: https://security.archlinux.org/AVG-2614. Summary: The package grafana-agen...
Cross site scripting
Cross Site Scripting (XSS) in the redirect module of Racktables version 0.21.2 allows an attacker to inject arbitrary web script or HTML via the op parameter...
PT-2021-10372 · Unknown · Racktables
Name of the Vulnerable Software and Affected Versions: Racktables version 0.21.2 Description: The issue allows an attacker to inject arbitrary web script or HTML via the op parameter in the redirect module. This enables the attacker to perform Cross Site Scripting (XSS) attacks. Recommendations: Fo...
GHSA-CPH5-M8F7-6C5X axios Inefficient Regular Expression Complexity vulnerability
axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity...
[SECURITY] Fedora 34 Update: rust-gettext-sys-0.21.2-1.fc34
Raw FFI bindings for gettext...