93 matches found

Nuclei
added 7 hours ago | 12 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2 CVSS | 5.8 AI score | 0.00376 EPSS
Exploits 1 | References 3

EUVD
added 2026/04/06 2:36 p.m. | 2 views

EUVD-2026-19248

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

8.1 CVSS | 5.9 AI score | 0.00041 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/16 4:20 p.m. | 1 views

CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 6.7 AI score | 0.00045 EPSS
Exploits 1 | References 1

NVD
added 2026/01/15 5:16 p.m. | 2 views

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

9.8 CVSS | 0.00052 EPSS
Exploits 1 | References 1

UbuntuCve
added 2026/01/15 5:16 p.m. | 3 views

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

9.8 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits 1 | References 2

OSV
added 2026/01/15 5:16 p.m. | 1 views

UBUNTU-CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

9.8 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits 1 | References 3

ATTACKERKB
added 2026/01/15 4:25 p.m. | 1 views

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

9.8 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2026/01/15 4:25 p.m. | 10 views

CVE-2025-66417

GLPI (from version 11.0.0 up to, but not including, 11.0.3) is affected by an unauthenticated SQL injection via the inventory endpoint. The root cause is improper handling of input in the inventory API, enabling arbitrary SQL execution. The issue is fixed in version 11.0.3. The vulnerability is d...

9.8 CVSS | 7.6 AI score | 0.00052 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2026/01/15 4:16 p.m. | 0 views

CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 0.00045 EPSS
Exploits 1 | References 5

OSV
added 2026/01/15 4:16 p.m. | 0 views

UBUNTU-CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 1 | References 7

EUVD
added 2026/01/15 4:1 p.m. | 2 views

EUVD-2025-206294

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 6.2 AI score | 0.00045 EPSS
Exploits 1 | References 5

OSV
added 2026/01/15 4:1 p.m. | 2 views

CVE-2025-64516 GLPI incorrectly authorizes access to documents

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 6.6 AI score | 0.00045 EPSS
Exploits 1 | References 7

Vulnrichment
added 2026/01/15 4:1 p.m. | 2 views

CVE-2025-64516 GLPI incorrectly authorizes access to documents

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

7.5 CVSS | 6.3 AI score | 0.00045 EPSS
Exploits 1 | References 5

CVE
added 2026/01/15 4:1 p.m. | 9 views

CVE-2025-64516

GLPI before versions 10.0.21 and 11.0.3 suffers an access-control vulnerability where an unauthorized user can view documents attached to any item (tickets, assets, etc.). If the public FAQ is enabled, this can be exploited anonymously. The issue is fixed in GLPI 10.0.21 and 11.0.3. CVSS v3.1 sco...

7.5 CVSS | 6.3 AI score | 0.00045 EPSS
Exploits 1 | References 5 | Affected Software 1

Positive Technologies
added 2026/01/15 12:0 a.m. | 3 views

PT-2026-3058

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.21; GLPI versions prior to 11.0.3. Description: An unauthorized user can access GLPI documents attached to any item, such as tickets or assets. If the public FAQ is enabled, this unauthorized access can be performed by...

7.5 CVSS | 6.5 AI score | 0.00045 EPSS
Exploits 1 | References 10

Tenable Product Security Advisories
added 2026/01/07 1:47 p.m. | 2 views

[R1] Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability

R1 Nessus Agent Versions 11.0.3 and 10.9.3 Fix One Vulnerability Arnie Cabral Wed, 01/07/2026 - 08:47 A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...

5.5 AI score
Exploits 0

Cvelist
added 2025/11/17 5:29 p.m. | 5 views

CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5 CVSS | 0.00025 EPSS
Exploits 1 | References 3

CNNVD
added 2025/11/17 12:0 a.m. | 1 views

Glob operating system command injection vulnerability

Glob is a file-matching tool developed by the individual developer isaacs. An operating system command injection vulnerability exists in Glob versions 10.3.7 through 11.0.3, which stems from command injection and could lead to arbitrary code execution...

7.5 CVSS | 8.1 AI score | 0.00025 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-17578

Malicious code in bioql PyPI...

8.8 CVSS | 6.3 AI score | 0.04034 EPSS
Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-12327

Malicious code in bioql PyPI...

5.5 CVSS | 6.6 AI score | 0.00266 EPSS
Exploits 0 | References 2