19 matches found

EUVD, added 2025/10/03 8:07 p.m.

EUVD-2025-27069

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.3, EPSS 0.00078. Exploits: 1, References: 7

Snyk, added 2025/09/06 4:00 a.m.

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVSS 8.6, AI score 7.1, EPSS 0.00078. Exploits: 1, References: 2

Snyk, added 2025/09/06 4:00 a.m.

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVSS 8.6, AI score 7.1, EPSS 0.00078. Exploits: 1, References: 2

Snyk, added 2025/09/06 4:00 a.m.

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVSS 8.6, AI score 6.9, EPSS 0.00078. Exploits: 1, References: 2

NVD, added 2025/09/06 3:15 a.m.

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVSS 8.1, EPSS 0.00078. Exploits: 1, References: 7

CVE, added 2025/09/06 2:30 a.m.

CVE-2025-58437

Coder versions 2.22.0–2.24.3, 2.25.0–2.25.1 are affected by insecure session handling in prebuilt workspaces, exposing a session token via coder_workspace_owner.session_token. In prebuilt workspaces, the prebuilds system user initially owns the workspace; when a workspace is claimed, a new sessio...

CVSS 8.1, AI score 6.3, EPSS 0.00078. Exploits: 1, References: 7, Affected software: 1

VulnCheck KEV, added 2025/07/31 12:00 a.m.

VulnCheck KEV: CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 8.2, AI score 5.8, EPSS 0.06989. Exploited in the wild. Exploits: 0, References: 2

OSV, added 2025/06/10 2:27 p.m.

CVE-2024-29198 GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 7.5, AI score 6.6, EPSS 0.06989. Exploits: 0, References: 5

Tenable Nessus, added 2024/12/10 12:00 a.m.

GeoServer 2.10.0 < 2.24.4 Sensitive Information Exposure

According to its banner, the version of GeoServer running on the remote host is 2.10.0 prior to 2.24.4 or 2.25.x prior to 2.25.1. It is, therefore, affected by a Sensitive Information Exposure. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 4.9, AI score 7.3, EPSS 0.00402. Exploits: 0, References: 2

Snyk, added 2022/05/24 5:40 p.m.

Missing Authorization

Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Missing Authorization via bug_actiongroup.php. An attacker with rights to create new issues can clone any private issue, including all bugnotes and attachments, by manipulating the...

CVSS 7.1, AI score 6.9, EPSS 0.00212. Exploits: 1, References: 2

Snyk, added 2022/05/24 5:40 p.m.

Insecure Storage of Sensitive Information

Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information via the project_id parameter of manage_proj_edit_page.php. An attacker can retrieve private project names without proper access rights by manipulating the project_id...

CVSS 5.3, AI score 6.9, EPSS 0.00197. Exploits: 1, References: 2

Snyk, added 2022/05/24 5:37 p.m.

SQL Injection

Overview mantisbt/mantisbt is the Mantis Bug Tracker. Affected versions of this package are vulnerable to SQL Injection via the mc_project_get_users function. An attacker can manipulate SQL queries and access or alter database information without proper authorization by injecting malicious SQL command...

CVSS 6.5, AI score 7.9, EPSS 0.01737. Exploits: 3, References: 2

CNVD, added 2021/02/03 12:00 a.m.

MantisBT Access Control Error Vulnerability (CNVD-2021-09042)

MantisBT is a web-based open source defect tracking system from the MantisBT team; it provides project management and defect tracking through a web interface. An access control error vulnerability exists in MantisBT versions prior to 2.24.4, which stems from the fact th...

CVSS 4.3, AI score 6.5, EPSS 0.00197. Exploits: 1, References: 1

NVD, added 2021/01/29 7:15 a.m.

CVE-2020-29603

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them...

CVSS 4.3, AI score 4.4, EPSS 0.00197. Exploits: 1, References: 2

CNNVD, added 2020/12/30 12:00 a.m.

MantisBT security vulnerability

MantisBT is a lightweight, free and open source, web-based defect tracking system. An information disclosure vulnerability exists in MantisBT versions prior to 2.24.4. The vulnerability stems from a failure to check access to bug_revision_view_page.php correctly. An attacker can exploit the...

CVSS 7.5, AI score 5.8, EPSS 0.00762. Exploits: 1, References: 2

FreeBSD, added 2020/11/10 12:00 a.m.

mantis -- multiple vulnerabilities

Mantis 2.24.4 release reports: Security and maintenance release, addressing 6 CVEs: 0027726: CVE-2020-29603: disclosure of private project name; 0027727: CVE-2020-29605: disclosure of private issue summary; 0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and...

CVSS 7.5, AI score 2.1, EPSS 0.01737. Exploits: 7, References: 2

CVE, added 2020/02/04 7:08 p.m.

CVE-2019-15614

CVE-2019-15614 describes a missing sanitization in the iOS Nextcloud app (version 2.24.4) that causes a cross-site scripting (XSS) vulnerability when opening malicious HTML files. The root cause is insufficient input sanitization in the in-app webview, enabling client-side code execution. The iss...

CVSS 5.4, AI score 4.9, EPSS 0.00252. Exploits: 0, References: 2, Affected software: 1

RedHat Linux, added 2019/12/17 1:02 p.m.

Moderate: Red Hat Enhancement Advisory: webkit2gtk3 enhancement update

An updated webkit2gtk3 package that adds one enhancement is now available for Red Hat Enterprise Linux 8. This update adds the following enhancement: Update WebKitGTK to 2.24.4 (BZ#1755824). Users of webkit2gtk3 are advised to upgrade to this updated package, which adds this enhancement...

CVSS 9.3, AI score 6.7, EPSS 0.08534. Exploits: 4, References: 1

Tenable Nessus, added 2019/10/14 12:00 a.m.

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:2345-2)

This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615...

CVSS 9.3, AI score 6.4, EPSS 0.45572. Exploits: 7, References: 51
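The Coder (CVE-2025-58437), GeoServer (CVE-2024-29198) and MantisBT (CVE-2020-29603) entries above each state their affected versions as ranges, and the same string "2.24.4" lands outside all three while its neighbours 2.24.3 and 2.25.1 do not. The following is an added example written for this page, not code from Vulners or from any of the vendors: it transcribes those ranges from the entry texts and resolves a version string against them. The advisory keys, the helper names and the padding of short versions to three components are this example's own assumptions. The two range shapes advisories use are kept distinct: "2.22.0 through 2.24.3" is inclusive at both ends, "before 2.24.4" excludes the fix release.

```python
"""Affected-version triage for the advisories listed on this page.

Added example, not part of the Vulners page or any vendor advisory.
The ranges are transcribed from the entry texts above; the keys and
helper names are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2.24.4' into (2, 24, 4); pads short strings so '2.25' == '2.25.0'.

    Deliberately strict: a suffix such as '2.25.0-rc1' raises ValueError
    instead of being silently compared as a release.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


@dataclass(frozen=True)
class AffectedRange:
    """One affected interval as advisories phrase them."""
    low: Optional[Version]   # inclusive lower bound; None means unbounded below
    high: Version            # upper bound
    high_inclusive: bool     # True for 'through X', False for 'before X'

    def contains(self, v: Version) -> bool:
        if self.low is not None and v < self.low:
            return False
        return v <= self.high if self.high_inclusive else v < self.high


def through(low: str, high: str) -> AffectedRange:
    """'low through high', both ends affected (Coder wording)."""
    return AffectedRange(parse_version(low), parse_version(high), True)


def before(fixed: str, low: Optional[str] = None) -> AffectedRange:
    """'before fixed' (MantisBT/NVD wording); the fix release itself is clean."""
    return AffectedRange(parse_version(low) if low else None, parse_version(fixed), False)


# Constructed lookup table, transcribed from the entries on this page.
ADVISORIES = {
    # "In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1"
    "coder/CVE-2025-58437": [through("2.22.0", "2.24.3"), through("2.25.0", "2.25.1")],
    # "Upgrading to GeoServer 2.24.4, or 2.25.2, removes the..." -> two fixed branches
    "geoserver/CVE-2024-29198": [before("2.24.4"), before("2.25.2", low="2.25.0")],
    # "MantisBT before 2.24.4"
    "mantisbt/CVE-2020-29603": [before("2.24.4")],
}


def is_affected(advisory: str, version: str) -> bool:
    """True if `version` falls inside any affected range of the advisory."""
    v = parse_version(version)
    return any(r.contains(v) for r in ADVISORIES[advisory])


def triage(version: str) -> List[str]:
    """Advisories on this page whose affected ranges include `version`, sorted."""
    return sorted(a for a in ADVISORIES if is_affected(a, version))


if __name__ == "__main__":
    for candidate in ("2.24.3", "2.24.4", "2.25.1", "2.25.2"):
        print(candidate, "->", triage(candidate) or "not in any listed range")
```

A version outside every range is a necessary, not sufficient, sign of safety: the Tenable entries above say explicitly that the plugin relied on the banner rather than testing the flaw, and distribution packages (the Red Hat and SUSE webkit2gtk3 advisories) carry backported fixes under version strings this comparison cannot see.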