CVE-2025-13927

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data...

CVE-2025-13927 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data...

CVE-2025-13927

Removed by vendor...

CVE-2022-33683

Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...

PT-2026-1448

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

ROS-20251226-7307

A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of insecure mechanisms for processing authentication data in the operating system memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Apache StreamPark Weak Algorithm Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

Konica Bizhub Multifunction Printers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-20871)

If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message...

EUVD-2025-203081

Apache StreamPark uses a Weak Encryption Algorithm...

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...

AI Service Secret Disclosure

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private or cloud services will require authentication like API and private keys, username and password based credentials and similar sensitive data. Developers...

Third-Party Service Secret Disclosure

Most of the web applications rely on various public services to provide features to their users. In secure designs, consuming these private or cloud services will require authentication like API and private keys, username and password based credentials and similar sensitive data. Developers...

CVE-2025-12419

Mattermost contains an OAuth/OpenID Connect validation flaw where OAuth state tokens are not properly validated during authentication, enabling an authenticated attacker with team-creation privileges to take over a user account by manipulating data in the OAuth completion flow. The issue affects ...

Security update for squid

This update for squid fixes the following issues: CVE-2025-62168: Fixed proxy auth data visible to scripts bsc1252281. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

CVE-2025-12508

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality...

CVE-2025-12508

CVE-2025-12508 affects BRAIN2: when domain users act as BRAIN2 users, communication with Active Directory services is unencrypted, risking interception of authentication data and confidentiality. Documents consistently identify BRAIN2 as the affected software and describe the unencrypted AD traff...

CVE-2025-12508 Unencrypted communication to Active Directory services

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality...

CVE-2025-12508 Unencrypted communication to Active Directory services

When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality...

[SECURITY] [DSA 6047-1] squid security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6047-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 30, 2025 https://www.debian.org/security/faq -...

Debian dsa-6047 : squid - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6047 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6047-1 [email protected] https://www.debian.org/security/...