
30 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. · 4 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution (RCE) attack when a...

CVSS 8.5 · AI score 7.7 · EPSS 0.98078
Exploits 9 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-17523

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.4 · EPSS 0.00261
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-28575

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 6.4 · EPSS 0.00214
Exploits 0 · References 2
Tenable Nessus
added 2025/08/19 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2018-3760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests...

CVSS 7.5 · AI score 7.4 · EPSS 0.26717
Exploits 2 · References 2
CNNVD
added 2025/06/19 12:0 a.m. · 1 views

WordPress plugin Football Pool cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.5 · AI score 5.7 · EPSS 0.00214
Exploits 0 · References 2
CNNVD
added 2024/11/08 12:0 a.m. · 3 views

WordPress plugin Registrations for the Events Calendar security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 9.6 · AI score 6.4 · EPSS 0.00665
Exploits 1 · References 1
Vulnrichment
added 2024/06/28 6:11 p.m. · 14 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...

CVSS 7.4 · AI score 7.7 · EPSS 0.02186
Exploits 0 · References 2
Cvelist
added 2024/06/28 6:11 p.m. · 188 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...

CVSS 7.4 · EPSS 0.02186
Exploits 0 · References 2
CVE
added 2024/06/28 6:11 p.m. · 90 views

CVE-2024-38514

NextChat (UI for ChatGPT/Gemini) is affected by a Server-Side Request Forgery (SSRF) flaw in the WebDav API endpoint caused by missing validation of the GET parameter endpoint. The issue enables unauthenticated actors to trigger arbitrary HTTPS requests (MKCOL, PUT, GET) from the vulnerable insta...

CVSS 7.4 · AI score 7.6 · EPSS 0.02186
In wild · Exploits 0 · References 2
Positive Technologies
added 2024/06/28 12:0 a.m. · 8 views

PT-2024-28043 · Nextchat · Nextchat

Name of the Vulnerable Software and Affected Versions: NextChat versions prior to 2.12.4
Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This is due to a lack of validation of the endpoint GET parameter on the "WebDav API endpoint". The SSRF can be used to...

CVSS 7.4 · AI score 7.4 · EPSS 0.02186
Exploits 0 · References 4
Cvelist
added 2021/12/28 7:35 p.m. · 37 views

CVE-2021-44832 Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

AI score 7.7 · EPSS 0.98078
Exploits 9 · References 12
ATTACKERKB
added 2021/12/28 12:0 a.m. · 142 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

CVSS 8.5 · AI score 8 · EPSS 0.98078
In wild · Exploits 9 · References 13
GithubExploit
added 2021/12/13 7:24 a.m. · 274 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4J-Mitigation-CVE-2021-44228 https://vulners.com/cve/CVE-...

CVSS 10 · AI score 9.7 · EPSS 0.99999
Exploits 351
OSV
added 2021/07/19 10:6 a.m. · 6 views

OPENSUSE-SU-2021:1054-1 Security update for icinga2

This update for icinga2 fixes the following issues: Update to 2.12.4 Bugfixes - Fix a crash when notification objects are deleted using the API 8782 - Fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API 8785 - Fix an issue where...

CVSS 9.1 · AI score 9.3 · EPSS 0.01554
Exploits 0 · References 3
OSV
added 2021/07/19 10:6 a.m. · 4 views

OPENSUSE-SU-2021:1053-1 Security update for icinga2

This update for icinga2 fixes the following issues: icinga2 was updated to 2.12.4 Bugfixes - Fix a crash when notification objects are deleted using the API 8782 - Fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API 8785 - Fix an issue whe...

CVSS 9.1 · AI score 9.3 · EPSS 0.01554
Exploits 0 · References 3
OSV
added 2021/07/15 3:15 p.m. · 23 views

CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

CVSS 8.8 · AI score 6.9
Exploits 0 · References 4
UbuntuCve
added 2021/07/15 3:15 p.m. · 25 views

CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

CVSS 8.8 · AI score 7.1 · EPSS 0.0114
Exploits 1 · References 4
Cvelist
added 2021/07/15 2:55 p.m. · 26 views

CVE-2021-32739 Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

CVSS 8.8 · AI score 8.9 · EPSS 0.0114
Exploits 1 · References 3
CNNVD
added 2021/07/15 12:0 a.m. · 4 views

Icinga security vulnerability

Icinga is a scalable server and network resource monitoring system from the German company Icinga. A security vulnerability exists in Icinga that stems from a privilege escalation issue in Icinga from versions 2.4.0 to 2.12.4 that allows authenticated API users. The vulnerability can be exploited...

CVSS 8.8 · AI score 7.1 · EPSS 0.0114
Exploits 1 · References 5
Positive Technologies
added 2021/07/15 12:0 a.m. · 3 views

PT-2021-4011 · Icingadb +4 · Icingadb +7

Name of the Vulnerable Software and Affected Versions: Icinga versions prior to 2.11.10; Icinga versions 2.12.0 through 2.12.4
Description: The issue concerns the exposure of credentials for external services through the API to authenticated API users with read permissions for the corresponding...

CVSS 9.8 · AI score 6.9 · EPSS 0.02934
Exploits 5 · References 38