7 matches found
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
CVE-2026-39386
Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...
CVE-2025-40765
A vulnerability has been identified in TeleControl Server Basic V3.1 All versions = V3.1.2.2 V3.1.2.3. The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform...
EUVD-2025-28121
Malicious code in bioql PyPI...
PT-2024-21728 · Unknown · Configure Smtp
Name of the Vulnerable Software and Affected Versions: Configure SMTP versions n/a through 3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means an attacker can inject...
aether-sdk (>=1.3.4 <=1.3.8), alcali (=3003.1.0) +232 more potentially affected by CVE-2021-28658 via django (>=3.1.0 <=3.1.7)
django PYPI version =3.1.0, =1.3.4, =0.2.0, =0.16.12, =0.8.8, =0.5.0, =0.1.0, =1.0.0b3, =2.2.0, =0.0.1, =2.11.0, =2.12.6 and more Source cves: CVE-2021-28658 Source advisory: OSV:GHSA-XGXC-V2QG-CHMH...
CVE-2013-0189
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service resource consumption via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or...