44 matches found

vulnersOsv
added 2026/02/26 3:13 a.m. | 5 views

10up-toolkit (>=6.0.0 <=6.5.1), @0ti.me/ts-test-deps (=0.2.0) +6567 more potentially affected by CVE-2026-27903 via minimatch (>=9.0.0 <=9.0.6)

minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-27903 Source advisory: SNYK:JS-MINIMATCH-15353389...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00036
Exploits: 1
OSV
added 2025/10/03 7:56 p.m. | 3 views

RLSA-2025:8816 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6.Securi...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0028
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/19 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13670

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they ...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00427
Exploits: 0 | References: 2
Snyk
added 2025/06/11 2:48 p.m. | 2 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.0028
Exploits: 0 | References: 2
Snyk
added 2025/06/11 2:48 p.m. | 3 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.0028
Exploits: 0 | References: 2
AlmaLinux
added 2025/06/11 12:0 a.m. | 5 views

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6.Securi...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0028
Exploits: 0 | References: 4
IBM Security Bulletins
added 2024/10/17 5:33 a.m. | 8 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2023-50315)

Summary: IBM WebSphere Application Server (WAS) is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes sectio...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1
OSV
added 2023/12/09 7:15 a.m. | 14 views

CVE-2023-28874

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites...

CVSS: 6.1 | AI score: 7.1
Exploits: 0 | References: 2
OSV
added 2023/12/09 7:15 a.m. | 9 views

CVE-2023-28873

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...

CVSS: 5.4 | AI score: 6
Exploits: 0 | References: 2
ATTACKERKB
added 2023/12/09 7:15 a.m. | 1 views

CVE-2023-28873

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00088
Exploits: 1 | References: 3
Prion
added 2023/12/09 7:15 a.m. | 18 views

Code injection

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites...

CVSS: 5.8 | AI score: 7.2 | EPSS: 0.00078
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2023/12/09 7:15 a.m. | 12 views

Cross site scripting

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor...

CVSS: 4.9 | AI score: 6.1 | EPSS: 0.00088
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2023/12/09 12:0 a.m. | 2 views

Seafile Security Breach

HaiwenHuzhi Network Technology Seafile is an open source enterprise cloud disk from China HaiwenHuzhi Network Technology. The product has Markdown WYSIWYG editing, Wiki, file labeling and other features. A security vulnerability exists in Seafile version 9.0.6, which stems from the presence of...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00088
Exploits: 1 | References: 3
CVE
added 2023/12/09 12:0 a.m. | 39 views

CVE-2023-28873

The CVE-2023-28873 entry concerns Seafile 9.0.6 with an XSS flaw in wiki and discussion pages that permits injecting JavaScript into the Markdown editor. The connected PT-Security advisory confirms the affected software and describes the vulnerability as an XSS vector in the Markdown editor, with...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00088
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2023/12/09 12:0 a.m. | 2 views

Seafile Security Breach

HaiwenHuzhi Network Technology Seafile is an open source enterprise cloud disk from China HaiwenHuzhi Network Technology. The product features Markdown WYSIWYG editing, Wiki, file labeling and more. A security vulnerability exists in Seafile version 9.0.6, which originated from allowing an attack...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00078
Exploits: 1 | References: 3
NVD
added 2023/08/30 5:15 p.m. | 10 views

CVE-2023-40597

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00067
Exploits: 0 | References: 2
OSV
added 2023/08/30 5:15 p.m. | 1 views

CVE-2023-40598

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code ...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00113
Exploits: 0 | References: 2
Prion
added 2023/08/30 5:15 p.m. | 17 views

Code injection

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.00572
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2023/08/30 4:19 p.m. | 17 views

CVE-2023-40594 Denial of Service (DoS) via the ‘printf’ Search Function

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance...

CVSS: 6.5 | AI score: 7.6 | EPSS: 0.00142
Exploits: 0 | References: 2
Positive Technologies
added 2023/08/30 12:0 a.m. | 4 views

PT-2023-27528 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.12; Splunk Enterprise versions prior to 9.0.6; Splunk Enterprise versions prior to 9.1.1. Description: The issue allows an attacker to perform a denial of service (DoS) against the Splunk Enterprise instance...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00142
Exploits: 0 | References: 4