13 matches found

OSV
added 2025/09/24 8:15 p.m. · 3 views

CVE-2025-57325

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of...

CVSS 7.5 · AI score 6.7 · EPSS 0.00357
Exploits: 0 · References: 2
Positive Technologies
added 2025/09/24 12:0 a.m. · 4 views

PT-2025-39334

Name of the Vulnerable Software and Affected Versions: rollbar versions prior to 2.26.4. Description: rollbar is a package used for tracking and debugging errors in JavaScript applications. A flaw exists in the utility.set function that allows attackers to inject properties onto Object.prototype by...

CVSS 7.5 · AI score 6.3 · EPSS 0.00357
Exploits: 0 · References: 8
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-46415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28....

CVSS 3.2 · AI score 5.9 · EPSS 0.00118
Exploits: 0 · References: 3
Tenable Nessus
added 2024/10/03 12:0 a.m. · 9 views

MantisBT < 2.26.4 Information Disclosure (0034640)

The version of MantisBT installed on the remote host is prior to 2.26.4. It is, therefore, affected by an information disclosure vulnerability as referenced in the 0034640 advisory. - Mantis Bug Tracker MantisBT is an open source issue tracker. Using a crafted POST request, an unprivileged,...

CVSS 6.5 · AI score 5.6 · EPSS 0.00523
Exploits: 0 · References: 4
Snyk
added 2024/09/30 5:48 p.m. · 1 views

Insecure Direct Object References

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insecure Direct Object References due to the ‘profileid’ parameter being manipulated to switch to a different post, when attempting to update a profile entry. This allows users to enumerate other...

CVSS 6.5 · AI score 6.9 · EPSS 0.00523
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/30 12:0 a.m. · 2 views

PT-2024-31773 · Unknown · Mantis Bug Tracker

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker MantisBT versions prior to 2.26.4 Description: The issue allows an unprivileged, registered user to retrieve information about other users' personal system profiles using a crafted POST request. This can lead to the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00523
Exploits: 0 · References: 14
Gentoo Linux
added 2020/03/15 12:0 a.m. · 150 views

WebkitGTK+: Multiple vulnerabilities

Background: WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description: Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...

CVSS 9.3 · AI score 3 · EPSS 0.09621
Exploits: 4
Prion
added 2020/03/02 11:15 p.m. · 14 views

Memory corruption

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling...

CVSS 7.5 · AI score 9.5 · EPSS 0.05028
Exploits: 0 · References: 9 · Affected Software: 6
OSV
added 2020/03/02 11:15 p.m. · 0 views

UBUNTU-CVE-2020-10018

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling...

CVSS 9.8 · AI score 7 · EPSS 0.05028
Exploits: 0 · References: 5
OPENSUSE Linux
added 2020/03/02 12:0 a.m. · 129 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:0278-1 Rating: important References: 1159329 1161719 1163809 Cross-References: CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 Affected...

CVSS 9.3 · AI score 9.1 · EPSS 0.02643
Exploits: 0 · References: 3
OSV
added 2018/07/15 3:29 a.m. · 2 views

CVE-2018-14010

OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...

CVSS 9.8 · AI score 5.9
Exploits: 0 · References: 2
OSV
added 2018/07/15 3:29 a.m. · 3 views

CVE-2018-14060

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...

CVSS 9.8 · AI score 5.9 · EPSS 0.04516
Exploits: 2 · References: 2
NVD
added 2013/12/13 6:7 p.m. · 20 views

CVE-2013-0348

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file...

CVSS 2.1 · AI score 5.8 · EPSS 0.00523
Exploits: 0 · References: 6