CVE-2024-23830 MantisBT Host Header Injection vulnerability

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround,...

GHSA-R4Q3-7G4Q-X89M

creationtimestamp| type| source ---|---|--- 2024-01-23 15:56:38+00:00| seen| https://t.me/ctinow/172077 2025-06-17 11:50:03+00:00| seen| https://gist.github.com/safer-bot/3b6f58842b89a0626fbc1de3dc57a9d6 2025-07-16 03:12:09+00:00| seen|...

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

GHSA-88J4-PCX8-Q4Q3 Password Change Vulnerability

Overview: A moderate security vulnerability has been identified in Uptime Kuma platform that poses a significant threat to the confidentiality and integrity of user accounts. When a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged...

Exploit for Out-of-bounds Write in Google Chrome

level 1: craft.c - bad.webp bash exist: docker 813b6b757...

GHSA-FWR2-64VR-XV9M Argo CD cluster secret might leak in cluster details page

Impact Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. https://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and...

CVE-2023-40182 silverware-io-issue-tracker server responds in a noticeably different amount of time depending if a given email address exists or not

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7...

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

GHSA-WQC8-X2PR-7JQH RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape

Impact RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the...

GHSA-4HPJ-8RHV-9X87 Products.CMFCore unauthenticated denial of service and crash via unchecked use of input with Python's marshal module

Impact The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of Products.CMFCore, such as Plone. All...

Fedora 38 : golang (2023-7eb5fe654d)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7eb5fe654d advisory. go1.20.4 released 2023-05-02 includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the...

GHSA-2Q5C-QW9C-FMVQ Argo CD authenticated but unauthorized users may enumerate Application names via the API

Impact All versions of Argo CD starting with v0.5.0 are vulnerable to an information disclosure bug allowing unauthorized users to enumerate application names by inspecting API error messages. An attacker could use the discovered application names as the starting point of another attack. For...

Design/Logic Flaw

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues i.e. having Private view status, or belonging to a private Proje...

CVE-2023-22476

Summary: CVE-2023-22476 affects MantisBT (Mantis Bug Tracker) before 2.25.6 where insufficient access checks allow any logged‑in user with Group Actions privileges to read the Summary of private issues via a crafted bug_arr[] in bug_actiongroup_ext.php. Root cause: inadequate access control on pr...

Controller reconciles apps outside configured namespaces when sharding is enabled

Impact All Argo CD versions starting with 2.5.0-rc1 are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Description of exploit Reconciled Application namespaces are specified as a comma-delimited lis...

Android and iOS leak some data outside VPNs

Virtual Private Networks VPNs on Android and iOS are in the news. Its been discovered that in certain circumstances, some of your traffic is leaked so it ends up outside of the safety cordon created by the VPN. Mullvad, the discoverers of this Android "feature" say that it has the potential to...

Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint

Impact An authenticated user can perform a remote Denial of Service attack against Fat Free CRM. This vulnerability has been assigned the CVE identifier: CVE-2022-39281 Affected versions: All Not affected: None Fixed versions: 0.20.1 All users running an affected release should either upgrade or...

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...

System Informer - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website - Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed...