25 matches found
UBUNTU-CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...
CVE-2026-25932
GLPI (free Asset and IT Management Software) is affected from versions 0.60 up to before 10.0.24. The root cause is improper output encoding/escaping in the Website field of the supplier component, allowing an authenticated technician to store an XSS payload. Impact stated across sources includes...
EUVD-2026-8814
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
PT-2026-22102
Name of the Vulnerable Software and Affected Versions: Agenta-API versions prior to 0.48.1 Description: Agenta is an open-source LLMOps platform. In Agenta-API versions prior to 0.48.1, a Python sandbox escape existed in Agenta's custom code evaluator. The platform used RestrictedPython as a...
OPENSUSE-SU-2024:11245-1 python36-oletools-0.60-2.2 on GA media
These are all security issues fixed in the python36-oletools-0.60-2.2 package on the GA media of openSUSE Tumbleweed...
Kossy Security Breach
Kossy is a web application framework developed by Masahiro Nagano, an individual developer in Japan. A security vulnerability exists in Kossy module version 0.60, which stems from mishandling of the X-Requested-With header, allowing an attacker to perform JSON hijacking...
PT-2024-11205 · Kossy · Kossy
Name of the Vulnerable Software and Affected Versions: Kossy module versions prior to 0.60 Description: The issue allows JSON hijacking due to mishandling of the X-Requested-With header. This can be exploited because of improper handling in the Kossy module for Perl. Recommendations: For versions...
CVE-2023-28636
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...
UBUNTU-CVE-2023-28636
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...
CVE-2023-28636 GLPI vulnerable to stored Cross-site Scripting in external links
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...
elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2021-25284 via salt (=2014.1.10)
salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2021-25284 Source advisory: OSV:PYSEC-2021-53...
DAViCal Andrew's Web Libraries Authorization Issues Vulnerability (CNVD-2020-25813)
DAViCal Andrew's Web Libraries (AWL) is a project that provides shared PHP libraries for DAViCal, a calendar sharing server. An authorization issue vulnerability exists in DAViCal AWL version 0.60 and earlier, which stems from a failure of the session management mechanism to u...
DAViCal Andrew's Web Libraries Authorization Issues Vulnerability
DAViCal Andrew's Web Libraries (AWL) is a project that provides shared PHP libraries for DAViCal, a calendar sharing server. An authorization issue vulnerability exists in DAViCal AWL version 0.60 and earlier. A remote attacker could exploit this vulnerability to impersonate a...
DEBIAN-CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, used to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
PuTTY DoS Vulnerability
PuTTY is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:putty:putty"; ifdescriptio...
Putty Denial of Service Vulnerability
This host is installed with Putty and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodputtydosvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Putty Denial of Service Vulnerability Authors: Madhuri D Copyright: Copyright c 2011 SecPod, http://www.secpod.com Thi...
PuTTY 0.60 Denial Of Service (DOS)
No description provided by source. print "\n" print "----------------------------------------------------------------" print "| putty 0.60 Null Ptr |" print "| Level Smash the Stack |" print "----------------------------------------------------------------" print "\n" import sys, socket, binascii...
putty 0.60 Denial Of Service
Exploit for windows platform in category dos / poc print "\n" print "----------------------------------------------------------------" print "| putty 0.60 Null Ptr |" print "| Level Smash the Stack |" print "----------------------------------------------------------------" print "\n" import sys,...
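PuTTY SSH Authentication Password Information Disclosure Vulnerability
BUGTRAQ ID: 51021 PuTTY is an implementation of Telnet and SSH for Windows and Unix platforms, with an xterm terminal emulator. PuTTY versions 0.59 through 0.61 do not wipe the input entered by the user during authentication and keep the user's password in memory; successful exploitation allows an attacker to obtain sensitive information. Simon Tatham PuTTY 0.61 Simon Tatham PuTTY 0.60 Simon Tatham PuTTY 0.59 Vendor patch: Simon Tatham ------------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...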