22 matches found
Insertion of Sensitive Information Into Sent Data
Overview: @sentry/sveltekit is the official Sentry SDK for SvelteKit. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the sendDefaultPii configuration option. An attacker can gain access to sensitive HTTP headers, such as authentication...
Linux Distros Unpatched Vulnerability : CVE-2025-62168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information...
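The @sentry/sveltekit entry above and this Squid entry are the same shape of failure: request headers that carry credentials are copied verbatim into data the server sends elsewhere (an SDK event, an error page). The following Python is an added illustration of the redaction step such code needs; it is not Sentry's or Squid's code, and the header list, the [REDACTED] marker and the sample request are assumptions made for this example.

```python
"""Redact credential-bearing material before a request is echoed into an
error page, a log line or a telemetry event (added example, not Squid or
Sentry code; header list and marker are this example's own choices)."""
from typing import Dict, Mapping
from urllib.parse import urlsplit, urlunsplit

REDACTED = "[REDACTED]"

# Headers whose value is a credential, or carries one. Matched case-insensitively,
# since HTTP header names are case-insensitive and clients vary the case.
SENSITIVE_HEADERS = frozenset({
    "authorization", "proxy-authorization", "cookie", "set-cookie",
    "x-api-key", "x-auth-token",
})


def redact_header_value(name: str, value: str) -> str:
    """For Authorization-style headers keep the scheme (Basic, Bearer, Digest)
    so the error page still says which mechanism failed; drop everything else."""
    if name.lower() in ("authorization", "proxy-authorization"):
        scheme, _, _rest = value.strip().partition(" ")
        return f"{scheme} {REDACTED}" if scheme else REDACTED
    return REDACTED


def redact_headers(headers: Mapping[str, str]) -> Dict[str, str]:
    """Return a copy of the header map with every sensitive header redacted."""
    return {
        name: redact_header_value(name, value)
        if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }


def redact_url(url: str) -> str:
    """Strip user:password@ from a URL. A proxy sees absolute-form request
    targets, so credentials can arrive in the URL as well as in headers."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit(parts._replace(netloc=f"{REDACTED}@{host}"))


def render_error_page(method: str, url: str, headers: Mapping[str, str]) -> str:
    """Build the 'your request was' block of an error page from redacted data only."""
    safe = redact_headers(headers)
    lines = [f"{method} {redact_url(url)} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in safe.items()]
    return "\n".join(lines)


def demo() -> str:
    # Constructed sample request; the Basic value is base64("user:pass").
    request_headers = {
        "Host": "intranet.example",
        "Proxy-Authorization": "Basic dXNlcjpwYXNz",
        "authorization": "Bearer eyJhbGciOiJub25lIn0.e30.",
        "Cookie": "session=abc123",
        "User-Agent": "curl/8.0",
    }
    return render_error_page("GET", "http://svc:secret@intranet.example/admin",
                             request_headers)


if __name__ == "__main__":
    print(demo())
```

The point of keeping the scheme but not the value is that the error page (or the SDK event) stays useful for debugging an authentication failure without becoming a credential leak to whoever can read it.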
EUVD-2020-0630
Malware in sbrugna...
EUVD-2021-1459
Malware in sbrugna...
EUVD-2024-39644
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-53537
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To work around this issue, set suricata.yaml...
VulnCheck KEV: CVE-2025-27505
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles "rest" and its subpaths, but not "rest" with an extension, e.g. "rest.html". The REST API index can...
GHSA-3M86-C9X3-VWM9 Graylog vulnerable to privilege escalation through API tokens
Impact: Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...
GeoServer Missing Authorization on REST API Index
Summary: It is possible to bypass the default REST API security and access the index page. Details: The REST API security handles "rest" and its subpaths, but not "rest" with an extension, e.g. "rest.html". Impact: The REST API index can disclose whether certain extensions are installed. Workaround: In...
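Both GeoServer entries describe the same shape of bug: the authorization rules cover "rest" and everything under it, but a request for "rest.html" is a different string, matches no rule, and falls through to the permissive default. The Python below is an added illustration of that matcher behaviour and of one way to close it (normalising the path before the rules run); it is not GeoServer's code, and the ant-style rule table, the role name and the normalisation steps are assumptions made for this example.

```python
"""Path-based authorization rules versus a request with an extension appended
(added example; the rules, role name and normalisation are this example's
assumptions, not GeoServer's implementation)."""
import re
from typing import List, Optional, Tuple

# Ant-style patterns as many Java web stacks use them: '*' matches within one
# path segment, '**' matches across segments. First matching rule wins.
RULES: List[Tuple[str, str]] = [
    ("/rest", "ROLE_ADMINISTRATOR"),
    ("/rest/**", "ROLE_ADMINISTRATOR"),
]


def ant_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an ant-style pattern into an anchored regular expression."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def required_role(path: str, rules=RULES) -> Optional[str]:
    """Vulnerable matcher: returns the role the first matching rule demands,
    or None when nothing matches, which the caller treats as 'allow'."""
    for pattern, role in rules:
        if ant_to_regex(pattern).match(path):
            return role
    return None


def normalize_path(path: str) -> str:
    """Fold the variants the rules never listed onto the canonical resource:
    drop the query string and fragment, a trailing slash, and a .ext on the
    last segment, so /rest.html, /rest.html/ and /rest?f=html all become /rest."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    path = path.rstrip("/") or "/"
    head, _, last = path.rpartition("/")
    last = last.split(".", 1)[0]
    return f"{head}/{last}" if last or head else "/"


def required_role_hardened(path: str, rules=RULES) -> Optional[str]:
    """Normalise first, then match, so the extension variant hits the rule."""
    return required_role(normalize_path(path), rules)


def decide(path: str, user_roles, hardened: bool) -> bool:
    """True if the request is allowed under the chosen matcher. An unmatched
    path is allowed here on purpose, to mirror the permissive default the
    bypass relies on."""
    role = (required_role_hardened if hardened else required_role)(path)
    return role is None or role in user_roles
```

Normalising before matching is one fix; the complementary control is to make the filter deny anything that matches no rule, so an unanticipated spelling of a protected path fails closed rather than open.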
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...
CVE-2025-24026 iTop Inefficient Regular Expression Complexity vulnerability
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...
GHSA-F9C6-2F9P-82JJ Any user with view access to the XWiki space can change the authenticator
Impact: A user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administration and, unless an authenticator is set in xwiki.cfg, switch to another installed authenticator. Note that, by default, there is only one authenticator available...
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 is vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs, which can be used to cause the server to make a...
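The ftp-srv entry is the classic FTP bounce problem: the PORT command names the address the server will connect to for the data channel, and if any address is accepted the server becomes an SSRF relay into whatever network it sits on. The Python below is an added illustration of the check RFC 2577 (section 3) recommends, requiring the PORT address to match the control connection's peer and refusing privileged ports; it is not ftp-srv's code, and the reply strings and sample addresses are this example's own.

```python
"""Validate an FTP PORT command before opening the active-mode data connection
(added example, not ftp-srv's code; reply texts and addresses are constructed)."""
import ipaddress
from typing import List, Tuple


def parse_port_command(arg: str) -> Tuple[str, int]:
    """PORT h1,h2,h3,h4,p1,p2 -> (dotted IPv4, port). Raises ValueError on garbage."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("expected six comma-separated numbers")
    nums = [int(f) for f in fields]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("value out of range 0-255")
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def validate_port_permissive(control_peer_ip: str, arg: str) -> Tuple[bool, str]:
    """The vulnerable behaviour: any syntactically valid address is accepted,
    so a client can make the server connect to 127.0.0.1 or 169.254.169.254."""
    try:
        ip, port = parse_port_command(arg)
    except ValueError as exc:
        return False, f"501 Syntax error in parameters: {exc}"
    return True, f"200 PORT command successful ({ip}:{port})"


def validate_port_strict(control_peer_ip: str, arg: str) -> Tuple[bool, str]:
    """Hardened check (RFC 2577 s.3): the data connection may only go back to
    the client that issued the command, and never to a privileged port."""
    try:
        ip, port = parse_port_command(arg)
    except ValueError as exc:
        return False, f"501 Syntax error in parameters: {exc}"
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, "500 Illegal PORT command: address does not match control connection"
    if port < 1024:
        return False, "500 Illegal PORT command: privileged port"
    return True, f"200 PORT command successful ({ip}:{port})"


def demo() -> List[Tuple[str, bool, bool]]:
    """Run constructed PORT arguments through both checks; returns
    (argument, accepted_by_permissive, accepted_by_strict)."""
    peer = "203.0.113.10"  # constructed control-connection peer address
    attempts = [
        "203,0,113,10,195,80",   # legitimate: back to the client, port 50000
        "169,254,169,254,0,80",  # cloud metadata service, via the FTP server
        "127,0,0,1,0,22",        # loopback SSH on the server itself
        "10,0,0,5,4,1",          # internal host, port 1025
        "1,2,3",                 # malformed
    ]
    return [(a, validate_port_permissive(peer, a)[0], validate_port_strict(peer, a)[0])
            for a in attempts]


if __name__ == "__main__":
    for arg, permissive, strict in demo():
        print(f"{arg:24} permissive={permissive!s:5} strict={strict}")
```

Matching against the peer address is the stronger of the two controls: the privileged-port rule alone still lets a client aim the server at any high port on an internal host.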
CVE-2023-46240 CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...
PT-2023-1689 · Mendix · Mendix Saml
Name of the Vulnerable Software and Affected Versions: Mendix SAML; Mendix 7 compatible versions 1.16.4 through 1.17.3; Mendix 8 compatible versions 2.2.0 through 2.3.0; Mendix 9 latest compatible (New Track) versions 3.1.9 through 3.3.1; Mendix 9 latest compatible,...
PT-2022-24861 · Unknown · Flyteadmin
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.44 Description: The default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable authentication without changing the default clientid hashes will be exposed...
CVE-2022-29214 URL Redirection to Untrusted Site ('Open Redirect') in next-auth
NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...
PT-2022-3660 · Unknown +1 · Formidable +1
Name of the Vulnerable Software and Affected Versions: formidable version 3.1.4; formidable version 3.2.4. Description: An arbitrary file upload vulnerability in formidable allows attackers to execute arbitrary code via a crafted filename. Some third parties dispute this issue because the product h...
Ingate Firewall: Removed PPTP tunnels not deactivated
Product: Ingate Firewall. Versions: 4.1.3 and earlier. Tracking ID: 1826. Summary: Active PPTP tunnels in Ingate Firewall are not deactivated when a PPTP user is disabled. If a user has an active PPTP connection to an Ingate Firewall, and that use...
malicious PHP source injection in phpBB
JCC Security Advisory, June 16, 2002: malicious PHP source injection in phpBB. Description: phpBB is one of the popular PHP bulletin board systems. When allow_url_fopen = On and register_globals = On in php.ini, phpBB is vulnerable because install.php contains dangerous code, so an attacker can include...