26 matches found

RedhatCVE
added 2026/02/04 3:15 a.m. · 4 views

CVE-2026-25228

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

5 CVSS · 5.5 AI score · 0.00384 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/02/03 3:18 p.m. · 51 views

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7 CVSS · 5.9 AI score · 0.00215 EPSS
Exploits 1 · References 1

NVD
added 2026/02/02 11:16 p.m. · 2 views

CVE-2026-25228

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

5 CVSS · 0.00384 EPSS
Exploits 1 · References 2

Github Security Blog
added 2026/02/02 12:31 p.m. · 5 views

mlflow Creates of Temporary File in Directory with Insecure Permissions

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7 CVSS · 5.9 AI score · 0.00215 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2026/02/02 12:00 a.m. · 6 views

PT-2026-5731

Name of the Vulnerable Software and Affected Versions: SignalK Server versions prior to 2.20.3. Description: SignalK Server contains a path traversal issue in the applicationData API. Authenticated users on Windows systems can potentially read, write, and list arbitrary files and directories on the...

5 CVSS · 5.7 AI score · 0.00384 EPSS
Exploits 1 · References 10

EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2018-0555

Malware in sbrugna...

9.8 CVSS · 9.3 AI score · 0.05517 EPSS
Exploits 0 · References 26

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-36504

Malicious code in bioql PyPI...

5.9 CVSS · 6.5 AI score · 0.00244 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/07/22 12:00 a.m. · 3 views

PT-2024-27383 · Unknown · Transition Slider

Name of the Vulnerable Software and Affected Versions: Transition Slider – Responsive Image Slider and Gallery versions n/a through 2.20.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stor...

5.9 CVSS · 5.6 AI score · 0.00244 EPSS
Exploits 0 · References 5

Github Security Blog
added 2023/09/08 12:31 a.m. · 26 views

Buttercup allows attackers to obtain the hash of the master password

Buttercup allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. This affects the Buttercup app up to version 2.20.3...

5.3 CVSS · 7 AI score · 0.00403 EPSS
Exploits 1 · References 6 · Affected Software 1

OSV
added 2023/09/08 12:31 a.m. · 15 views

GHSA-7CWQ-P8CR-H9QG Buttercup allows attackers to obtain the hash of the master password

Buttercup allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. This affects the Buttercup app up to version 2.20.3...

5.3 CVSS · 5.2 AI score · 0.00403 EPSS
Exploits 1 · References 6

Prion
added 2022/08/15 12:15 p.m. · 14 views

Design/Logic Flaw

DNRD aka Domain Name Relay Daemon 2.20.3 forwards and caches DNS queries with the CD aka checking disabled bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers...

5 CVSS · 7.5 AI score · 0.00797 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2022/08/15 12:00 a.m. · 3 views

Domain Name Relay Daemon security vulnerability

Domain Name Relay Daemon DNRD is a Sourceforge open source caching, forwarding DNS proxy server. A security vulnerability exists in DNRD Domain Name Relay Daemon version 2.20.3, which stems from a domain name and its associated IP address being cached in its misinterpreted form, where the...

5.3 CVSS · 5.7 AI score · 0.00738 EPSS
Exploits 0 · References 5

OpenVAS
added 2018/10/26 12:00 a.m. · 47 views

openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:3473-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS · 7.7 AI score · 0.69016 EPSS
Exploits 40 · References 2

OpenVAS
added 2018/10/26 12:00 a.m. · 33 views

openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2285-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS · 7.3 AI score · 0.69016 EPSS
Exploits 28 · References 2

vulnersOsv
added 2018/10/16 11:07 p.m. · 3 views

org.apache.camel:camel-mail-starter (>=2.20.0 <=2.20.3), org.wildfly.camel.example:example-camel-mail (>=5.0.0 <=5.1.0) potentially affected by CVE-2018-8041 via org.apache.camel:camel-mail (>=2.20.0 <=2.20.3)

org.apache.camel:camel-mail MAVEN version =2.20.0, =2.20.0, =5.0.0, =5.1.0 Source cves: CVE-2018-8041 Source advisory: OSV:GHSA-JV74-F9PJ-XP3F...

5.3 CVSS · 6.4 AI score · 0.09847 EPSS
Exploits 0

vulnersOsv
added 2018/10/16 11:06 p.m. · 1 view

com.consol.citrus:citrus-camel (>=2.7.4 <=2.7.9), com.github.igor-suhorukov:camel-aws (>=2.20.1.2 <=2.20.1.5) +743 more potentially affected by CVE-2018-8027 via org.apache.camel:camel-core (>=2.20.0 <=2.20.3)

org.apache.camel:camel-core MAVEN version =2.20.0, =2.7.4, =2.20.1.2, =2.20.0, =0.1.0, =1.0.0, =2.20.0, =1.2.23-RELEASE, =1.31.1, =1.5.5, =1.12.0, =2.0.0, =1.12.0, =1.3.0, =1.3.0-20180301, =1.3.0-20180304 and more Source cves: CVE-2018-8027 Source advisory: OSV:GHSA-8VFM-4388-6RPC...

9.8 CVSS · 7.2 AI score · 0.05517 EPSS
Exploits 0

OSV
added 2018/09/17 2:29 p.m. · 18 views

CVE-2018-8041

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal...

5.3 CVSS · 6.7 AI score · 0.09847 EPSS
Exploits 0 · References 6

Exploit DB
added 2018/08/16 12:00 a.m. · 67 views

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link: https://webkitgtk.org/releases/ & https://wpewebkit.org/releases/ Version: RefPtr...

8.8 CVSS · 8.7 AI score · 0.10525 EPSS
Exploits 4

NVD
added 2018/07/19 1:29 p.m. · 17 views

CVE-2018-12911

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the getsimpleglobs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c...

9.8 CVSS · 9.5 AI score · 0.01728 EPSS
Exploits 0 · References 2

Debian CVE
added 2018/07/19 1:00 p.m. · 26 views

CVE-2018-12911

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the getsimpleglobs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c...

9.8 CVSS · 9.5 AI score · 0.01728 EPSS
Exploits 0