Nacos <1.4.1 - Authentication Bypass
Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security (CVE-2025-13333)
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products| Versions ---|--- Ja...
GHSA-JXM3-PMM2-9GF6 Craft CMS has Permission Bypass and IDOR in Duplicate Entry Action
Description The "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is restricted in the UI, a user can bypass this restriction by sending a direc...
EUVD-2013-0996
Malware in sbrugna...
EUVD-2016-6689
Malware in sbrugna...
EUVD-2016-4596
Malware in sbrugna...
EUVD-2014-1124
Malware in sbrugna...
EUVD-2014-2220
Malware in sbrugna...
EUVD-2020-1055
Malware in sbrugna...
EUVD-2021-27407
Malware in sbrugna...
EUVD-2019-6606
Malware in sbrugna...
EUVD-2016-2510
Malware in sbrugna...
EUVD-2018-8507
Malware in sbrugna...
EUVD-2012-4474
Malware in sbrugna...
EUVD-2023-36642
Malicious code in bioql PyPI...
EUVD-2024-40766
Malicious code in bioql PyPI...
EUVD-2022-45164
Malicious code in bioql PyPI...
EUVD-2022-38944
Malicious code in bioql PyPI...
EUVD-2023-37339
Malicious code in bioql PyPI...
EUVD-2024-2018
Malicious code in bioql PyPI...