20 matches found
ROOT-APP-NPM-CVE-2024-29180 CVE-2024-29180 in @rootio/webpack-dev-middleware - Patched by Root
Root has patched CVE-2024-29180 in the @rootio/webpack-dev-middleware package for Root:npm. Multiple fixed versions available...
CVE-2026-29180
creationtimestamp | type | source
---|---|---
2026-03-31 19:20:10+00:00 | seen | Telegram/kcbrs7WWw-nIPeTyrZTDg68aatJd3a7QKUME-vVoB020PA...
CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...
CVE-2026-29180
Fleet is an open-source device management platform. Before version 4.81.1, a broken access control in Fleet’s host transfer API allows a team maintainer to transfer hosts from any team into their own, bypassing team isolation. Once transferred, the attacker gains full control over the stolen host...
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2025-29180
In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...
CVE-2024-29180 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-29180 vulnerabilities
Vulnerabilities for packages: argo-workflows...
Linux Distros Unpatched Vulnerability : CVE-2024-29180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently...
Important: Red Hat Security Advisory: Red Hat Data Grid 8.5.0 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.16.0 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Network Observability 1.6 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update
An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update
An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update
An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
CVE-2024-29180
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...
@moneko/core (>=3.9.17-beta.25 <=3.11.1-beta.2), @proteinjs/server (>=1.0.1 <=2.1.10) +2 more potentially affected by CVE-2024-29180 via webpack-dev-middleware (=7.0.0)
webpack-dev-middleware NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on webpack-dev-middleware and may be impacted: - @moneko/core =3.9.17-beta.25, =1.0.1, =1.1.0, =0.0.101, =0.0.113 Source cves: CVE-2024-29180 Source advisory:...
CVE-2024-29180 webpack-dev-middleware Path Traversal vulnerability
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the...
CVE-2024-29180
CVE-2024-29180 affects the webpack-dev-middleware development middleware used with webpack-dev-server/webpack-dev-middleware. The vulnerability arises from improper URL unescaping/normalization before parsing the requested file, allowing path traversal via sequences like %2e and %2f to access loc...
CVE-2023-29180
CVE-2023-29180 is a NULL pointer dereference in Fortinet FortiOS and FortiProxy that can cause a denial of service via specially crafted HTTP requests. Affected: FortiOS 7.2.0–7.2.4, 7.0.0–7.0.11, 6.4.0–6.4.12, 6.2.0–6.2.14, 6.0.0–6.0.16; FortiProxy 7.2.0–7.2.3, 7.0.0–7.0.10, 2.0.0–2.0.12, 1.2.0–...