74 matches found
GHSA-8W87-58W6-HFV8 Rancher doesn't properly sanitize credentials in cluster template answers
Impact: It was discovered that in Rancher versions up to and including 2.5.12 and 2.6.3 there is a failure to properly sanitize credentials in cluster template answers. This failure can lead to plaintext storage and exposure of credentials, passwords and API tokens. The exposed credentials are...
EUVD-2007-4477
Malware in sbrugna...
EUVD-2024-26174
Malicious code in bioql PyPI...
EUVD-2023-26638
Malicious code in bioql PyPI...
EUVD-2023-0654
Malicious code in bioql PyPI...
EUVD-2022-43323
Malicious code in bioql PyPI...
EUVD-2021-31356
Malicious code in bioql PyPI...
CVE-2025-43241
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to read files outside of its sandbox...
CVE-2021-21234
spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...
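The traversal pattern behind an entry like the one above, shown as an added example that is not code from spring-boot-actuator-logview or its fix: a log viewer takes a file name from the request and joins it onto its log directory. The naive join lets `..` segments (or an absolute name) walk out of that directory; the checked version resolves the candidate path and refuses anything that does not land inside the resolved base. The log directory and file names are hypothetical.

```python
"""Added example (not code from spring-boot-actuator-logview): a log viewer's
file lookup as a directory traversal, beside a check that closes it.
LOG_DIR and the file names are hypothetical."""
from pathlib import Path
from typing import Optional

LOG_DIR = "/var/log/myapp"  # hypothetical directory the viewer is meant to serve


def vulnerable_log_path(log_dir: str, filename: str) -> Path:
    """Naive join, as a traversal-prone viewer does it: '..' segments in the
    request walk out of log_dir, and an absolute filename replaces it outright."""
    return Path(log_dir) / filename


def safe_log_path(log_dir: str, filename: str) -> Path:
    """Resolve the candidate (following symlinks and collapsing '..') and require
    it to sit strictly inside the resolved log directory before any file I/O.
    The directory itself is rejected too, so '.' and '' are not served."""
    base = Path(log_dir).resolve()
    candidate = (base / filename).resolve()
    if base not in candidate.parents:
        raise ValueError(f"{filename!r} escapes {log_dir}")
    return candidate


def serve_log(filename: str, log_dir: str = LOG_DIR) -> Optional[str]:
    """Endpoint-style wrapper: the resolved path to read, or None when rejected."""
    try:
        return str(safe_log_path(log_dir, filename))
    except ValueError:
        return None


if __name__ == "__main__":
    for name in ("app.log", "archive/../app.log", "../../../etc/passwd", "/etc/passwd", "."):
        print(f"{name!r:22} naive -> {vulnerable_log_path(LOG_DIR, name)}"
              f"   checked -> {serve_log(name)}")
```

Comparing resolved paths rather than rejecting the literal string `..` is deliberate: it also catches `%2e%2e` once the framework has URL-decoded it, absolute paths, and symlinks inside the log directory that point elsewhere.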
PT-2025-8668
Name of the Vulnerable Software and Affected Versions: Simple Certain Time to Show Content WordPress plugin versions prior to 1.3.1. Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputt...
CVE-2025-26604
Discord-Bot-Framework-Kernel is a Discord bot framework built with interactions.py, featuring modular extension management and secure execution. Because of the nature of arbitrary user-submitted code execution, this allows a user to execute potentially malicious code to perform damage or extract...
BIT-KIBANA-2024-43707 Kibana exposure of sensitive information to an unauthorized actor
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...
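The failure mode the entry above describes, as an added example written in Python rather than Go and not code from gomatrixserverlib: a federation client validates the first URL it is asked to fetch, then follows a `Location` header from the remote server without validating the new target, so the remote server can steer it into the private network it sits in front of. The hardened variant re-resolves and re-checks every hop. The hostnames, addresses and responses below are constructed stand-ins for DNS and for origin servers, so the block runs offline.

```python
"""Added example (not gomatrixserverlib code): SSRF through redirects, and a
per-hop target check. FAKE_DNS and FAKE_SERVERS are constructed stand-ins."""
import ipaddress
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed DNS table. The public addresses are arbitrary real public IPs,
# not the documentation ranges: Python's ipaddress marks 192.0.2.0/24,
# 198.51.100.0/24 and 203.0.113.0/24 as is_private, which would skew the demo.
FAKE_DNS: Dict[str, List[str]] = {
    "matrix.example.org": ["93.184.216.34"],
    "evil.example.net": ["8.8.8.8"],
    "internal.corp": ["10.0.0.5"],
    "metadata.example.net": ["169.254.169.254"],
}

# Constructed origin servers: URL -> (status, Location header for 3xx, else body).
FAKE_SERVERS: Dict[str, Tuple[int, str]] = {
    "https://matrix.example.org/_matrix/federation/v1/version": (200, '{"server":{"name":"ok"}}'),
    "https://evil.example.net/_matrix/key/v2/server": (302, "http://internal.corp/admin"),
    "https://evil.example.net/meta": (302, "http://metadata.example.net/latest/meta-data/"),
    "http://internal.corp/admin": (200, "internal-only content"),
    "http://metadata.example.net/latest/meta-data/": (200, "instance credentials"),
}


def is_disallowed_ip(ip: str) -> bool:
    """True for any address a federation client must never connect to."""
    a = ipaddress.ip_address(ip)
    return (a.is_private or a.is_loopback or a.is_link_local or a.is_multicast
            or a.is_reserved or a.is_unspecified)


def target_allowed(url: str) -> Tuple[bool, str]:
    """Resolve the URL's host and reject it if any resolved address is non-public.
    Every address is checked: a name with one public and one private record
    could otherwise be used to reach the private side."""
    host = urlparse(url).hostname
    if host is None:
        return False, "no host in URL"
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP such as http://10.0.0.5/
    except ValueError:
        ips = FAKE_DNS.get(host, [])
    if not ips:
        return False, f"unresolvable host {host}"
    for ip in ips:
        if is_disallowed_ip(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


def fetch(url: str, check_every_hop: bool, max_hops: int = 5) -> Tuple[str, Optional[str]]:
    """Follow redirects against FAKE_SERVERS. check_every_hop=False validates
    only the initial URL (the SSRF pattern); True re-validates each Location."""
    ok, reason = target_allowed(url)
    if not ok:
        return "blocked: " + reason, None
    for _ in range(max_hops):
        status, payload = FAKE_SERVERS.get(url, (404, ""))
        if status in (301, 302, 303, 307, 308):
            url = payload
            if check_every_hop:
                ok, reason = target_allowed(url)
                if not ok:
                    return "blocked: " + reason, None
            continue
        return str(status), payload
    return "too many redirects", None


if __name__ == "__main__":
    for u in ("https://evil.example.net/_matrix/key/v2/server", "https://evil.example.net/meta"):
        print("naive  :", fetch(u, check_every_hop=False))
        print("checked:", fetch(u, check_every_hop=True))
```

In a real client the check belongs at connection time (on the address actually dialed), not only on the name, so that a DNS answer that changes between validation and connect cannot slip through; the per-hop structure above is the same either way.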
CVE-2024-9155 Insufficient Authorization On Unlinked Channel Files
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channel files that have not been linked to a post, which allows an attacker to view them in channels that they are a member of...
CVE-2023-39508 Apache Airflow: Airflow "Run task" feature allows execution with unnecessary privileges
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the...
Zero address Pauser assignment
Lines of code / Vulnerability details / Impact: By exploiting the unpauser role's access to call setPauser with any address as input, an attacker could permanently disable a core piece of functionality, pausing/unpausing the token, by assigning the zero address as the pauser. No pauser would mean no ability to freeze...
Cross-site Scripting (XSS) - Stored
Description: The stored XSS vulnerability found in the caliber-web application is a security flaw that allows an attacker to execute malicious code in a user's browser. The vulnerability affects the "/ajax/pathchooser/" endpoint and is present in the "path" parameter, which is sent via the GET...