
2727 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in provider-configurations (npm)

The package provider-configurations was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m. · 3 views

MAL-2025-30780 Malicious code in provider-configurations (npm)

The package provider-configurations was found to contain malicious code...

7.2 AI score
Exploits 0
NVD
added 2025/08/13 9:15 p.m. · 5 views

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll)...

9.3 CVSS · 0.01993 EPSS
Exploits 0 · References 5
CVE
added 2025/08/13 8:33 p.m. · 18 views

CVE-2012-10055

CVE-2012-10055 affects ComSndFTP FTP Server v1.3.7 Beta. The vulnerability is a format-string flaw in the handling of the USER command that can overwrite a hardcoded function pointer (WSACleanup from Ws2_32.dll) in memory, enabling an attacker to redirect control flow and bypass DEP via a ROP cha...

9.3 CVSS · 8.3 AI score · 0.01993 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/08/13 12:0 a.m. · 1 views

EulerOS 2.0 SP13 : haproxy (EulerOS-SA-2025-1991)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the...

6.8 CVSS · 6.2 AI score · 0.00685 EPSS
Exploits 0 · References 2
NVD
added 2025/08/11 1:15 p.m. · 3 views

CVE-2025-8862

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...

7 CVSS · 0.00318 EPSS
Exploits 0 · References 1
CVE
added 2025/08/11 12:40 p.m. · 13 views

CVE-2025-8862

CVE-2025-8862 involves YugabyteDB collecting diagnostics from servers, which may include sensitive gflag configurations. The underlying issue is that this information is not properly redacted in some versions, leading to potential exposure. The connected documents consistently state the mitigatio...

7 CVSS · 6.7 AI score · 0.00318 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/11 12:40 p.m. · 2 views

CVE-2025-8862

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...

7 CVSS · 6.7 AI score · 0.00318 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/11 12:40 p.m. · 8 views

CVE-2025-8862

YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...

7 CVSS · 0.00318 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/11 12:0 a.m. · 3 views

PT-2025-32542 · Yugabyte · Yugabytedb

Name of the Vulnerable Software and Affected Versions: YugabyteDB, affected versions not specified. Description: YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. Recommendations: Upgrade the database to a version where...

7 CVSS · 6.8 AI score · 0.00318 EPSS
Exploits 0 · References 5
CNNVD
added 2025/08/11 12:0 a.m. · 2 views

YugabyteDB security vulnerability

YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from a diagnostic information collection that may contain sensitive configurations...

7 CVSS · 7.1 AI score · 0.00318 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/10 12:15 a.m. · 8 views

CVE-2025-52913

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to...

9.8 CVSS · 7.1 AI score · 0.00492 EPSS
Exploits 1 · References 1
F5 Networks
added 2025/08/08 6:59 a.m. · 7 views

K000152922: Apache HTTP server vulnerability CVE-2025-49630

Security Advisory Description: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP...

7.5 CVSS · 7.2 AI score · 0.01149 EPSS
Exploits 0
Positive Technologies
added 2025/08/08 12:0 a.m. · 2 views

PT-2025-32386 · Mitel · Micollab +1

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 (9.8.2.12). Description: A vulnerability exists in the NuPoint Unified Messaging (NPM) component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...

9.8 CVSS · 6.7 AI score · 0.00492 EPSS
Exploits 1 · References 6
Vulnrichment
added 2025/08/08 12:0 a.m. · 4 views

CVE-2025-52913

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to...

6.7 AI score · 0.00492 EPSS
Exploits 1 · References 2
Github Security Blog
added 2025/08/06 12:31 p.m. · 7 views

HashiCorp Vault ldap auth method may not have correctly enforced MFA

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

8.1 CVSS · 6.2 AI score · 0.00468 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/08/06 12:0 a.m. · 3 views

WordPress plugin Reveal Listing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Reveal Listing suffers from an elevation of privilege vulnerability that stems from allowing users to set roles, which can be exploited by an attacker to tamper...

9.8 CVSS · 7 AI score · 0.00369 EPSS
Exploits 0 · References 2
RedHat Linux
added 2025/08/04 6:2 p.m. · 3 views

python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...

4.4 CVSS · 5.7 AI score · 0.00199 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/08/02 8:22 p.m. · 4 views

CVE-2025-8286

The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device...

9.8 CVSS · 6.5 AI score · 0.01205 EPSS
Exploits 0 · References 1
OSV
added 2025/07/31 2:15 p.m. · 3 views

CVE-2025-7738

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...

4.4 CVSS · 6.3 AI score · 0.00199 EPSS
Exploits 0 · References 5