Astra Linux - vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use an improperly formatted OID in a SET request to the nsVacmAccessTable, causing a NULL pointer dereference. Version 5.9.2 includes a patch to addre...
Astra Linux - vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX in NET-SNMP-VACM-MIB could lead to an out-of-bounds memory access. A user with read-only credentials could exploit this issue. Version 5.9.2...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...
USN-8110-1: Net-CIDR vulnerability
Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibly use this to bypass IP-based restrictions...
Directory Traversal
Overview: Umbraco.Forms is a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation: Upgrade...
CVE-2025-65512
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
EUVD-2002-0796
Malware in sbrugna...
EUVD-2002-0523
Malware in sbrugna...
EUVD-2023-34065
Malicious code in bioql PyPI...
EUVD-2022-29609
Malicious code in bioql PyPI...
EUVD-2022-34630
Malicious code in bioql PyPI...
EUVD-2023-54734
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions...
Linux Distros Unpatched Vulnerability : CVE-2022-2228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the...
Linux Distros Unpatched Vulnerability : CVE-2022-1983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker...
CVE-2025-6504 Possibilities of IP Spoofing via X-Forwarded-For (XFF) Header
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This vulnerability could be...
Cisco ISE and Cisco ISE-PIC security vulnerability
Cisco ISE and Cisco ISE-PIC are both products of Cisco, Inc. Cisco ISE is a NAC solution. It is used to manage access to network resources by endpoints, users, and devices in a zero-trust architecture. Cisco ISE-PIC is a component ... A security vulnerability exists in Cisco ISE and Cisco ISE-PIC...
CVE-2025-49537
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user...
BIT-GITLAB-2025-5982 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...