RHCOS 4 : OpenShift Container Platform 4.2.29 openshift (RHSA-2020:1527)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1527 advisory. - kubernetes: Use of unbounded 'client' label in apiserverrequesttotal allows for memory exhaustion CVE-2020-8552 Note that Nessus has not...

CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

CVE-2026-25519

OpenSlides prior to version 4.2.29 contains an incorrect access control in the authentication flow for users synced via an external IDP (SAML). Specifically, an attacker can log in using the local login form with the OpenSlides username of a SAML user and a trivial password, with the known passwo...

CVE-2026-22245 Mastodon has SSRF Protection bypass

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

PT-2026-2181

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.2.29, 4.3.17, 4.4.11, and 4.5.4 Description Mastodon is a social network server that makes outbound requests to user-provided domains. A protection mechanism exists to disallow requests to local IP addresses, intended to...

TerraMaster TOS 4.2.29 Code Injection / Local File Inclusion

============================================================================================================================================= | Title : TerraMaster TOS 4.2.29 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...

TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989

This module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS 4.2.29 and lower by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint...

Default credentials

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

CVE-2022-24990

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...

WordPress Multiple Vulnerabilities (Oct 2020) - Linux

WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...

Fedora 31 : php-horde-kronolith (2020-0fbd043bcf)

kronolith 4.2.29 - mjr Fix regresssion in event modification notifications Bug 15022. ---- kronolith 4.2.28 - mjr SECURITY: Don't leak private details when sending notifications for private events Bug 15011. - mjr Fix regression in display of clickable event URL property Bug 14941. Note that...