10 matches found
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Impact: POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki. Patches: This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...
PT-2026-37182
Name of the Vulnerable Software and Affected Versions: ParquetSharp versions 18.1.0 through 23.0.0 Description: ParquetSharp is a .NET library used for reading and writing Apache Parquet files. The ReadDecimal function in DecimalConverter performs a stackalloc operation using a value that can be...
CVE-2025-2937
Removed by vendor...
GitLab Enterprise Edition security vulnerability
GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 18.0 through 18.0.4 and 18.1 through 18.1.2, which stems from an authenticated maintainer potentially bypassing...
CVE-2024-37154
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier...
CVE-2024-37154
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier...
CVE-2024-37154 Evmos allows unvested token delegations
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier...
CVE-2024-37154 Evmos allows unvested token delegations
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier...
PT-2024-27337 · Evmos · Evmos
Name of the Vulnerable Software and Affected Versions: Evmos versions prior to V18.1.0 Description: The issue is related to liquid staking using Safe, which is a contract. The bug appears when there is a local state change together with an ICS20 transfer in the same function, and it uses the...
Code injection
The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code...