CVE-2026-40989 Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

GHSA-86WQ-234Q-R6WG Spring Cloud Config Server Susceptible To TOCTOU Attack

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

EUVD-2000-1107

Malware in sbrugna...

EUVD-2013-4251

Malware in sbrugna...

EUVD-2015-7747

Malware in sbrugna...

EUVD-2011-0221

Malware in sbrugna...

EUVD-2013-4240

Malware in sbrugna...

Moodle 4.3.x < 4.3.8 Reflected XSS In Question Bank Filter

According to its self-reported version, the Moodle install hosted on the remote host is 4.3.x prior to 4.3.8 or 4.4.4 prior to 4.4.5 or 4.5.x prior to 4.5.1 . It is, therefore, affected by a Reflected XSS in question bank filter. Note that the scanner has not tested for these issues but has inste...

Moodle 4.3.x < 4.3.7 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...

Linux Distros Unpatched Vulnerability : CVE-2015-8104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by...

Important: R

Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...

WordPress 4.3.x < 4.3.33 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

K17530: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702

Security Advisory Description CVE-2015-7691 The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an...

K17515: NTP vulnerability CVE-2015-7855

Security Advisory Description The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value. CVE-2015-7855 Impact A locally authenticated user may ...

SUSE CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

SUSE CVE-2015-7701

Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption...

SUSE CVE-2016-2519

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ntpd abort by a large request data value, which triggers the ctlgetitem function to return a NULL value...

GHSA-9HH2-8CW6-HFV7 TYPO3 Cross-Site Scripting vulnerability in the Install Tool

Multiple cross-site scripting XSS vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

TYPO3 Cross-Site Scripting vulnerability in the Install Tool

Multiple cross-site scripting XSS vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...