160 matches found

Positive Technologies
added 2026/05/27 12:00 a.m.

PT-2026-44146

Description: Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and the inline Inline::parseSequence /...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 7
EUVD
added 2026/04/25 5:00 a.m.

EUVD-2026-25639

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

CVSS 9.8, AI score 6.5, EPSS 0.33677
Exploits: 2, References: 3
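The simple-git entry above describes a denylist that rejects the exact token -c while the long-form --config slips through. The following is an added example, my own code and not simple-git's or git's, that contrasts that incomplete check with a denylist that compares option names (so --config=... is also caught) and with an allowlist, which is the shape that fails closed when a spelling the author never thought of turns up. The option names -c and --config come from the advisory; --config-env, git's environment-backed variant, is added as an assumption about what a complete denylist would also need, and the permitted options in the usage are made up for illustration. Nothing here executes git; it only builds the argument list.

```python
from typing import Callable, FrozenSet, Iterable, List

# Constructed for this example: option spellings that make git read configuration
# from the command line. "-c" and "--config" are from the advisory text;
# "--config-env" is an assumption about a further spelling a denylist must cover.
CONFIG_SETTING_OPTIONS: FrozenSet[str] = frozenset({"-c", "--config", "--config-env"})


def option_name(token: str) -> str:
    """Strip an attached '=value' so '--config=core.hooksPath=/tmp/x' compares as '--config'."""
    return token.split("=", 1)[0]


def filter_options_incomplete(options: Iterable[str]) -> List[str]:
    """Vulnerable pattern: a denylist matching only the exact token '-c'.
    '--config' and '--config=...' are forwarded unchanged."""
    kept: List[str] = []
    for token in options:
        if token == "-c":
            raise ValueError("option -c is not permitted")
        kept.append(token)
    return kept


def filter_options_denylist(options: Iterable[str]) -> List[str]:
    """Repaired denylist: compares the option *name* against every known spelling,
    so both the separate-argument and the '=value' forms are rejected."""
    kept: List[str] = []
    for token in options:
        name = option_name(token)
        if name in CONFIG_SETTING_OPTIONS:
            raise ValueError(f"option {name!r} is not permitted")
        kept.append(token)
    return kept


def filter_options_allowlist(options: Iterable[str], allowed: FrozenSet[str]) -> List[str]:
    """Hardened pattern: any token that looks like an option must have its name on an
    explicit allowlist. Unknown options, including spellings no denylist anticipated,
    are rejected instead of forwarded. Non-option tokens (values) pass through."""
    kept: List[str] = []
    for token in options:
        if token.startswith("-"):
            name = option_name(token)
            if name not in allowed:
                raise ValueError(f"option {name!r} is not on the allowlist")
        kept.append(token)
    return kept


def git_argv(subcommand: str, options: Iterable[str], allowed: FrozenSet[str]) -> List[str]:
    """Build the argv that would be handed to git after allowlist filtering.
    Only constructs the list; nothing is executed."""
    return ["git", subcommand, *filter_options_allowlist(options, allowed)]


def rejects(filter_fn: Callable[..., List[str]], *args) -> bool:
    """True if the given filter raises ValueError for these arguments."""
    try:
        filter_fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker-controlled options: the long form passes the incomplete
    # check but is stopped by both the repaired denylist and the allowlist.
    hostile = ["--config", "core.hooksPath=/tmp/hooks"]
    print("incomplete denylist forwards:", filter_options_incomplete(hostile))
    print("repaired denylist rejects:", rejects(filter_options_denylist, hostile))
    print("allowlist rejects:", rejects(filter_options_allowlist, hostile, frozenset({"--depth"})))
```

The allowlist is the version to ship: the repaired denylist is only as good as the list of spellings, while the allowlist makes every option the caller did not explicitly permit a hard error.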
Vulnrichment
added 2026/03/24 6:55 p.m.

CVE-2026-33509 pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration

pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...

CVSS 7.5, AI score 5.8, EPSS 0.00113
Exploits: 1, References: 1
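The pyLoad entry above describes a config setter that checks only the SETTINGS permission, so a non-admin can point an option whose value is executed at a command of their choosing. The following is an added example, my own code and not pyLoad's, that models that gate next to the fix: each option declares whether it is admin-only, unknown keys are refused, and privileged keys additionally require ADMIN. The permission flags, the option table, the class and method names are assumptions for illustration; only the option name reconnect.script comes from the advisory.

```python
from dataclasses import dataclass, field
from enum import IntFlag
from typing import Dict, Tuple


class Perms(IntFlag):
    """Constructed permission bits; only the names SETTINGS and ADMIN are assumed."""
    SETTINGS = 1
    ADMIN = 2


@dataclass(frozen=True)
class OptionSpec:
    default: str
    # True for options whose value is executed or otherwise changes what code runs.
    admin_only: bool = False


# Constructed option table: reconnect.script is named in the advisory,
# the other keys are made up for the example.
OPTION_SPECS: Dict[str, OptionSpec] = {
    "reconnect.script": OptionSpec(default="", admin_only=True),
    "general.language": OptionSpec(default="en"),
    "download.max_speed": OptionSpec(default="0"),
}


@dataclass
class ConfigStore:
    values: Dict[str, str] = field(
        default_factory=lambda: {k: v.default for k, v in OPTION_SPECS.items()}
    )

    def set_config_value_unrestricted(self, caller: Perms, key: str, value: str) -> None:
        """Vulnerable shape: any caller holding SETTINGS may write any key,
        including keys whose value is later executed and keys that do not exist."""
        if not caller & Perms.SETTINGS:
            raise PermissionError("SETTINGS permission required")
        self.values[key] = value

    def set_config_value_restricted(self, caller: Perms, key: str, value: str) -> None:
        """Hardened shape: unknown keys are rejected and admin_only keys need ADMIN
        on top of SETTINGS, so the privilege needed scales with what the option does."""
        if not caller & Perms.SETTINGS:
            raise PermissionError("SETTINGS permission required")
        spec = OPTION_SPECS.get(key)
        if spec is None:
            raise KeyError(f"unknown option {key!r}")
        if spec.admin_only and not caller & Perms.ADMIN:
            raise PermissionError(f"option {key!r} may only be changed by an admin")
        self.values[key] = value


def try_set(store: ConfigStore, setter_name: str, caller: Perms,
            key: str, value: str) -> Tuple[bool, str]:
    """Run one setter and report (succeeded, value now stored) without raising,
    so the two behaviours can be compared side by side."""
    setter = getattr(store, setter_name)
    try:
        setter(caller, key, value)
    except (PermissionError, KeyError):
        return False, store.values.get(key, "")
    return True, store.values[key]


if __name__ == "__main__":
    settings_only = Perms.SETTINGS
    print(try_set(ConfigStore(), "set_config_value_unrestricted", settings_only,
                  "reconnect.script", "/tmp/evil.sh"))
    print(try_set(ConfigStore(), "set_config_value_restricted", settings_only,
                  "reconnect.script", "/tmp/evil.sh"))
```

Declaring sensitivity on the option itself, rather than keeping a separate list of dangerous keys in the API layer, means a newly added executable option cannot be forgotten by the permission check.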
NVD
added 2026/01/14 3:16 p.m.

CVE-2025-71122

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED. syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree. This only affects test kernels with...

CVSS 7.8, EPSS 0.00023
Exploits: 0, References: 4
CNNVD
added 2025/12/16 12:00 a.m.

Linux kernel security vulnerability

Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unsanitized configuration option in the comedi multiq3 driver, which could lead to a task timeout...

AI score 6, EPSS 0.00058
Exploits: 0, References: 4
Virtuozzo
added 2025/10/20 12:00 a.m.

Virtuozzo Automator 7.0 Update 2 Hotfix 17 (VA MN 7.0.2-720, VA Agent 7.0.2-432)

Hotfix 17 for Virtuozzo Automator 7.0.2 provides a new configuration option to control the use of ADH (anonymous Diffie-Hellman) ciphers to enhance security...

CVSS 2.6, AI score 6.5, EPSS 0.05274
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2019-4851

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00387
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2010-3879

Malware in sbrugna...

CVSS 6.4, AI score 6.3, EPSS 0.00209
Exploits: 0, References: 4
SUSE CVE
added 2025/10/01 11:32 p.m.

SUSE CVE-2022-50448

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in. When PTE_MARKER_UFFD_WP is not configured, it is still possible to reach pte marker code and trigger a warning. Add a few CONFIG_PTE_MARKER_UFFD_WP ifdefs to make sure the code won't...

CVSS 5.5, AI score 6.7, EPSS 0.00013
Exploits: 0, References: 3
CVE
added 2025/09/03 12:47 a.m.

CVE-2025-57806

Summary: CVE-2025-57806 affects Local Deep Research. Versions 0.2.0–0.6.7 store confidential information, including API keys, in a local SQLite database without encryption. This plaintext storage occurs in the .db file and is accessible to anyone with access to the container or host filesystem. T...

CVSS 6.9, AI score 5.9, EPSS 0.00011
Exploits: 0, References: 3
Positive Technologies
added 2025/09/01 12:00 a.m.

PT-2025-35502

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.27 through 7.4.3.42; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.10; Liferay DXP versions 2024.Q1.1 through 2024.Q1.20; Liferay 7.4 update 27 through update 42...

CVSS 7.5, AI score 6.6, EPSS 0.00542
Exploits: 0, References: 4
OSV
added 2025/07/16 5:42 p.m.

USN-7641-1 bind9 vulnerability

It was discovered that Bind incorrectly handled configurations where the stale-answer-client-timeout option is set to 0. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

CVSS 7.5, AI score 7.1, EPSS 0.00102
Exploits: 0, References: 2
Github Security Blog
added 2025/07/10 4:50 p.m.

Parse Server exposes the data schema via GraphQL API

Impact: The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. Patches: The issue has...

CVSS 5.3, AI score 7.2, EPSS 0.01039
Exploits: 0, References: 5, Affected software: 1
OSV
added 2025/06/28 8:36 p.m.

CLSA-2025-1751142973 git: Fix of CVE-2024-52005

CVE-2024-52005: add configuration option to sanitize sideband channel payloads...

CVSS 8.8, AI score 7.1, EPSS 0.00395
Exploits: 1, References: 1
RedhatCVE
added 2025/06/27 5:20 p.m.

CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

CVSS 7.5, AI score 7.1, EPSS 0.00114
Exploits: 0, References: 1
OSV
added 2025/06/25 4:59 p.m.

CVE-2025-52894 OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

CVSS 6.9, AI score 6.4, EPSS 0.00114
Exploits: 0, References: 6
AlpineLinux
added 2025/06/25 4:59 p.m.

CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...

CVSS 7.5, AI score 7.1, EPSS 0.00114
Exploits: 0
RedhatCVE
added 2025/05/23 5:57 a.m.

CVE-2023-31140

OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged-in sessions for that user account are not terminated. Likewise, if a...

CVSS 6.5, AI score 6.8, EPSS 0.00214
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 5:11 a.m.

CVE-2023-23130

Connectwise Automate 2022.11 is vulnerable to cleartext authentication: authentication is performed over HTTP in cleartext with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS durin...

CVSS 5.9, AI score 6.8, EPSS 0.00166
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:32 a.m.

CVE-2023-27591

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...

CVSS 7.5, AI score 6.9, EPSS 0.0049
Exploits: 0, References: 1