22 matches found

Vulnrichment
added 2026/05/26 9:27 p.m., 4 views

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVSS 5.1, AI score 5.9, EPSS 0.00052
Exploits: 0, References: 2

CVE
added 2026/05/20 3:55 p.m., 6 views

CVE-2026-9100

The CVE-2026-9100 entry affects the MongoDB C Driver’s legacy GridFS API. The issue arises when reading GridFS metadata with the legacy API, where malformed metadata from the database can trigger a crash (division-by-zero) or an out-of-bounds read that leaks process memory. Reports in connected r...

CVSS 6, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 1

CVE
added 2026/05/08 1:35 p.m., 26 views

CVE-2026-44338

PraisonAI ships a legacy Flask API server with authentication disabled by default in versions 2.5.6 through before 4.6.34. The root cause is APIServer.check_auth() short-circuiting when AUTH_ENABLED is False, allowing unauthenticated access to /agents and triggering the agents.yaml workflow via /...

CVSS 7.3, AI score 5.8, EPSS 0.00029
In wild, Exploits: 3, References: 1, Affected Software: 1

RedhatCVE
added 2026/01/21 1:21 p.m., 2 views

CVE-2025-14376

A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024...

CVSS 8.6, AI score 5.3, EPSS 0.00025
Exploits: 0, References: 1

RedhatCVE
added 2025/12/10 7:12 a.m., 1 view

CVE-2023-53798

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtool_link_ksettings' is not initialized in this path, drive...

CVSS 5.5, AI score 5.7, EPSS 0.00029
Exploits: 0, References: 4

Tenable Nessus
added 2025/12/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-53798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since...

AI score 6.7, EPSS 0.00029
Exploits: 0, References: 3

OSV
added 2025/12/09 12:0 a.m., 1 view

CVE-2023-53798 ethtool: Fix uninitialized number of lanes

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtool_link_ksettings' is not initialized in this path, drive...

AI score 6.2, EPSS 0.00029
Exploits: 0, References: 8

Cvelist
added 2025/12/09 12:0 a.m., 22 views

CVE-2023-53798 ethtool: Fix uninitialized number of lanes

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtool_link_ksettings' is not initialized in this path, drive...

EPSS 0.00029
Exploits: 0, References: 5

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-49658

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtool_link_ksettings' is not initialized in this path,...

AI score 6.3, EPSS 0.00029
Exploits: 0, References: 6

CVE
added 2025/10/30 9:31 p.m., 6 views

CVE-2012-10063

Nagios XI versions prior to 2012R1.3 contain an authenticated SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Exploitation requires crafted input to specific CCM parameters and can disclose or modify configuration data stored in the application database, with...

CVSS 9.8, AI score 7.3, EPSS 0.01476
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2025/09/12 4:32 p.m., 4 views

CVE-2025-59034

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

CVSS 4.3, AI score 7, EPSS 0.00052
Exploits: 0, References: 1

NVD
added 2025/09/10 4:15 p.m., 3 views

CVE-2025-59034

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

CVSS 4.3, EPSS 0.00052
Exploits: 0, References: 2

Cvelist
added 2025/09/10 4:1 p.m., 5 views

CVE-2025-59034 Indico may disclose unauthorized user details access via legacy API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

CVSS 4.3, EPSS 0.00052
Exploits: 0, References: 2

CVE
added 2025/09/10 4:1 p.m., 9 views

CVE-2025-59034

The CVE-2025-59034 affects Indico before version 3.3.8, where a legacy API for retrieving user details could disclose profile data of other users due to a broken access check in Flask-Multipass-based authentication. The issue enables unauthorized access without admin permissions; impact is limite...

CVSS 4.3, AI score 6.3, EPSS 0.00052
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/09/10 4:1 p.m., 3 views

CVE-2025-59034 Indico may disclose unauthorized user details access via legacy API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

CVSS 4.3, AI score 6.7, EPSS 0.00052
Exploits: 0, References: 4

Positive Technologies
added 2025/09/10 12:0 a.m., 3 views

PT-2025-37074

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.8 Description: Indico is an event management system that utilizes Flask-Multipass, a multi-backend authentication system for Flask. A broken access check in a legacy API used to retrieve user details allowed...

CVSS 4.3, AI score 6.5, EPSS 0.00052
Exploits: 0, References: 8

NVD
added 2025/08/26 3:15 p.m., 1 view

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

CVSS 6.5, EPSS 0.00053
Exploits: 0, References: 1

Cvelist
added 2025/08/26 12:0 a.m., 4 views

CVE-2025-52219

SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection...

EPSS 0.00053
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/25 1:27 p.m., 1 view

Malicious code in Be.Vlaanderen.Basisregisters.PаrcеlRegistry.Api.Legacy (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2024/06/25 1:24 p.m., 2 views

Malicious code in Be.Vlаanԁeren.Basisregisters.AddressRegistry.Apі.Legaсy (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0