736 matches found
Server-Side Request Forgery (SSRF)
hackmd-mcp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied hackmdApiUrl values via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter, which allows an attacker to redirect outbound API requests to internal...
Consul key/value endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CLSA-2025-1761082274 Fix of 5 CVEs
SECURITY UPDATE: out-of-bound write - debian/patches/CVE-2024-11236: fix integer overflow causing in an out-of-bounds write ldapescape - CVE-2024-11236 SECURITY UPDATE: incorrect URL truncation - debian/patches/CVE-2025-1861: fix possible incorrect URL truncation and redirecting to a wrong locati...
CVE-2025-40004 net/9p: Fix buffer overflow in USB transport layer
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious...
CentOS 9 : kernel-5.14.0-626.el9
"The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-626.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the unpack function during the artifact extraction due to the lack of header.Name validation in the said function. An attacker can create or overwrite arbitrary files within system directories by supplying a...
CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation
Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious reque...
EUVD-2016-1720
Malware in sbrugna...
EUVD-2019-11914
Malware in sbrugna...
EUVD-2019-0708
Malware in sbrugna...
EUVD-2019-6221
Malware in sbrugna...
EUVD-2019-10525
Malware in sbrugna...
EUVD-2018-18668
Malware in sbrugna...
EUVD-2016-10487
Malware in sbrugna...
EUVD-2021-25381
Malware in sbrugna...
EUVD-2012-0497
Malware in sbrugna...
EUVD-2018-18398
Malware in sbrugna...
EUVD-2012-0099
Malware in sbrugna...
EUVD-2021-11677
Malware in sbrugna...
EUVD-2013-6508
Malware in sbrugna...