13 matches found
Cross-site Scripting (XSS)
Overview: double-take is a unified UI and API for processing and training images for facial recognition. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the app.use function in the API component when processing the X-Ingress-Path argument. An attacker can inject an...
EUVD-2025-32704
A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to...
CVE-2025-11360
A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to...
CVE-2025-11360
A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to...
CVE-2025-11360 jakowenko double-take API app.js app.use cross site scripting
A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to...
CVE-2025-11360
CVE-2025-11360 affects jakowenko double-take up to 1.13.1, specifically the API component (api/src/app.js). The vulnerability arises from manipulating the X-Ingress-Path in app.use, enabling cross-site scripting that can be exploited remotely. A fix is available in version 1.13.2; the patch is id...
Double Take Code Injection Vulnerability
Double Take is a unified UI and API from individual developer David Jakowenko, with functionality to process and train images for facial recognition. A code injection vulnerability exists in Double Take 1.13.1 and earlier versions, which stems from improper manipulation of the X-Ingress-Path...
PT-2025-40975
Name of the Vulnerable Software and Affected Versions: jakowenko double-take versions up to 1.13.1. Description: A flaw exists in the API component of jakowenko double-take. The issue is related to the app.use function within the api/src/app.js file. Manipulation of the X-Ingress-Path argument can...
EUVD-2022-4829
Malicious code in bioql PyPI...
kernel: netfilter: flowtable: incorrect pppoe tuple
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
SUSE CVE-2024-27015
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
SUSE CVE-2021-25745
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
bpftool, kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2021:2314. An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...