28672 matches found

CNNVD (added 2026/01/26 12:0 a.m., 3 views)

GitOxide security vulnerabilities

GitOxide is a Git implementation written in Rust by Sebastian Thiel as a personal project. There is a security vulnerability in gix-date; this vulnerability stems from the asstr function potentially generating invalid non-UTF-8 strings, which may lead to unstable applications...

CVSS 7.1, AI score 5.8, EPSS 0.00193; Exploits 1, References 5
CVE (added 2026/01/26 12:0 a.m., 9 views)

CVE-2025-70368

CVE-2025-70368 affects Worklenz v2.1.5, with a Stored XSS in the Project Updates feature. The Updates text field renders un-sanitized input in the reporting view, enabling malicious JavaScript execution in a user’s browser. Root cause: lack of input sanitization for stored payloads. Impact per av...

CVSS 5.4, AI score 5.9, EPSS 0.00224; Exploits 2, References 2, Affected Software 1
Positive Technologies (added 2026/01/26 12:0 a.m., 6 views)

PT-2026-4763

UNSUPPORTED WHEN ASSIGNED. Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

AI score 5.9, EPSS 0.03732; Exploits 0, References 2
GithubExploit (added 2026/01/25 2:35 p.m., 143 views)

buffer-overflow

Buffer Overflow Overview This repository contains educatio...

AI score 6.2; Exploits 0
RedhatCVE (added 2026/01/24 3:17 a.m., 6 views)

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1, AI score 5.5, EPSS 0.00101; Exploits 0, References 1
GithubExploit (added 2026/01/24 12:48 a.m., 143 views)

Exploit for CVE-2025-70368

CVE-2025-70368 Stored Cross-Site Scripting XSS in Project...

AI score 5.7, EPSS 0.00224; Exploits 2
RedhatCVE (added 2026/01/23 9:15 p.m., 3 views)

CVE-2025-68898

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager (synergy-project-manager) allows Stored XSS. This issue affects Synergy Project Manager: from n/a through = 1.5...

CVSS 5.8, AI score 5.4, EPSS 0.00148; Exploits 0, References 1
NVD (added 2026/01/23 1:15 a.m., 3 views)

CVE-2026-24138

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

CVSS 7.5, EPSS 0.0038; Exploits 0, References 1
EUVD (added 2026/01/23 12:31 a.m., 4 views)

EUVD-2026-4266

Gitea does not properly validate project ownership in organization project operations...

CVSS 9.1, AI score 5.4, EPSS 0.00348; Exploits 0, References 7
OSV (added 2026/01/23 12:31 a.m., 2 views)

GHSA-RW22-5HHQ-PFPF Gitea does not properly validate project ownership in organization project operations

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

CVSS 5.3, AI score 5.4, EPSS 0.00348; Exploits 0, References 7
Github Security Blog (added 2026/01/23 12:31 a.m., 9 views)

Gitea does not properly validate project ownership in organization project operations

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

CVSS 9.1, AI score 5.4, EPSS 0.00348; Exploits 0, References 7, Affected Software 1
Vulnrichment (added 2026/01/23 12:19 a.m., 3 views)

CVE-2026-24138 FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

CVSS 7.5, AI score 5.6, EPSS 0.0038; Exploits 0, References 1
CNNVD (added 2026/01/23 12:0 a.m., 3 views)

PCF security vulnerabilities

PCF is a policy control module developed under the open-source Free5GC project. Version 1.4.0 of PCF contains a security vulnerability, which stems from a null pointer dereferencing in the HandleDeletePoliciesPolAssoId function...

CVSS 7.5, AI score 5.8, EPSS 0.00427; Exploits 1, References 3
CNNVD (added 2026/01/23 12:0 a.m., 4 views)

FOG code issues and vulnerabilities

FOG is an open-source computer cloning and management system developed by the FOG Project. Versions of FOG 1.5.10.1754 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unvalidated server-side request forgery in the getversion.php script, which could lead to the...

CVSS 7.5, AI score 5.9, EPSS 0.0038; Exploits 0, References 2
NVD (added 2026/01/22 11:15 p.m., 5 views)

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1, EPSS 0.00101; Exploits 0, References 2
ATTACKERKB (added 2026/01/22 10:20 p.m., 2 views)

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVSS 9.3, AI score 5.4, EPSS 0.00713; Exploits 1, References 3, Affected Software 1
CVE (added 2026/01/22 10:17 p.m., 9 views)

CVE-2025-67652

CVE-2025-67652 affects AutomationDirect CLICK PLC (project file handling) with weak password encoding in the addressed project file. Root cause: insufficient encryption/secure storage of credentials, enabling an attacker with local access to the project file to impersonate users, escalate privile...

CVSS 6.1, AI score 5.5, EPSS 0.00101; Exploits 0, References 2
Cvelist (added 2026/01/22 10:17 p.m., 17 views)

CVE-2025-67652 AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1, EPSS 0.00101; Exploits 0, References 2
OSV (added 2026/01/22 10:16 p.m., 2 views)

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

CVSS 9.1, AI score 5.5; Exploits 0, References 5
Cvelist (added 2026/01/22 10:1 p.m., 17 views)

CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

EPSS 0.00348; Exploits 0, References 5