23 matches found
CVE-2026-22608
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...
CVE-2026-22608
creationtimestamp| type| source
---|---|---
2026-01-09 17:55:00+00:00| published-proof-of-concept| https://github.com/trailofbits/fickling/security/advisories/GHSA-5hvc-6wx8-mvv4
2026-01-10 03:02:28+00:00| seen| Telegram/S2KXutw1drBgRsxEuEIjByNvXPd-WruEjV0wL9OdN7BsNk
2026-01-10 04:34:32+00:00|...
Huawei HarmonyOS and EMUI out-of-bounds access vulnerability (CNVD-2025-22608)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. An out-of-bounds access vulnerability exists in Huawei...
CVE-2025-22608
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID,...
CVE-2022-22608
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution...
CVE-2020-22608
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php...
CVE-2025-22608
creationtimestamp| type| source
---|---|---
2025-01-24 16:31:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113884286717742726
2025-01-24 19:25:46+00:00| seen| https://t.me/cvedetector/16315...
CVE-2025-22608 Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID,...
UBUNTU-CVE-2023-22608
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2023-22608
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2022-22608
CVE-2022-22608 affects Apple Xcode and describes an out-of-bounds read in a component exposed during file handling (notably the otool path in Xcode’s tooling) due to insufficient bounds checking. Multiple connected sources confirm the issue is fixed in Xcode 13.3; incident impact is described as ...
About the security content of Xcode 13.3
About the security content of Xcode 13.3 This document describes the security content of Xcode 13.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
osTicket < 1.12.6 Multiple XSS Vulnerabilities
osTicket is prone to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2020-22608
CVE-2020-22608 affects osTicket (Enhancesoft) prior to v1.12.6. A cross-site scripting vulnerability exists via the queue-name parameter in include/ajax.search.php. Impact is consistent with XSS as described in multiple sources; CVSS v3.1 base score 6.1 (NETWORK, LOW ATTACK COMPLEXITY, USER INTER...
kikocosmetics.com XSS vulnerability
Vulnerable URL: https://www.kikocosmetics.com/en-us/utils/search.html?q='-alert'OPENBUGBOUNTY'-'=
Details:
Description| Value
---|---
Patched:| Yes, at 27.07.2017
Latest check for patch:| 27.07.2017 09:40 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 22608
VIP...
Fedora Update for maradns FEDORA-2013-22608
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for maradns FEDORA-2013-22608
Check for the Version of maradns OpenVAS Vulnerability Test Fedora Update for maradns FEDORA-2013-22608 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...