122 matches found
PT-2025-48043
Name of the Vulnerable Software and Affected Versions Grype versions 0.68.0 through 0.104.0 Description Grype, a vulnerability scanner for container images and filesystems, contains a flaw where registry credentials can be improperly included in the output of a scan. This occurs when registry...
Astra Linux - уязвимость в tomcat9
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
EUVD-2020-24268
Malware in sbrugna...
EUVD-2021-30582
Malicious code in bioql PyPI...
EUVD-2023-0546
Malicious code in bioql PyPI...
Exploit for CVE-2025-8671
PoC-CVE-2025-8671-MadeYouReset-HTTP-2 PoC para validar vulnera...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
VIETNAMESE - Cách sử dụng - Quét một IP: python3...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...
Fedora 40 : rpki-client (2025-d5fdbedb7f)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d5fdbedb7f advisory. rpki-client 9.5 - rpki-client now includes arin.tal which is no longer legally encumbered. See https://www.arin.net/announcements/20250116-tal/ - rpki-client...
Recommended update for Maven
This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: Key changes across versions: Bug fixes and improved support of dynamic types Dependency upgrades ASM, Maven core, and notably the removal of commons-io Improved error handling by...
Editor.js vulnerable to Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
openSUSE Security Advisory (openSUSE-SU-2024:0227-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:0227-1 Security update for gh
This update for gh fixes the following issues: Update to version 2.53.0: CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file boo1227035 Disable TestGetTrustedRoot/successfullyverifiesTUFroot test due to https://github.com/cli/cli/issues/8928 Rename...
RHEL 7 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - tomcat: HTTP request smuggli...
GHSA-J5VM-7QCC-2WWG Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see 3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has be...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...
BIT-TOMCAT-2022-45143 Apache Tomcat: JsonErrorReportValve escaping
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server
Summary Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server Vulnerability Details CVEID:CVE-2023-28708 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the missing of secure...