28724 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4...
Linux Distros Unpatched Vulnerability : CVE-2017-0925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting...
Linux Distros Unpatched Vulnerability : CVE-2019-15578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that...
The Biosig Project libbiosig MFER Tag 63 parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2235 The Biosig Project libbiosig MFER Tag 63 parsing heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53557 SUMMARY A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosi...
The Biosig Project libbiosig RHS2000 parsing heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2240 The Biosig Project libbiosig RHS2000 parsing heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-48005 SUMMARY A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig...
The Biosig Project libbiosig MFER unvalidated length stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2234 The Biosig Project libbiosig MFER unvalidated length stack-based buffer overflow vulnerability August 25, 2025 CVE Number...
Linux Distros Unpatched Vulnerability : CVE-2019-6789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosu...
Linux Distros Unpatched Vulnerability : CVE-2016-10515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. CVE-2016-10515 Note that...
MAL-2025-41298 Malicious code in image-memory (npm)
Source: ossf-package-analysis 40ad268d8e5d26e3c122a979160b815c349dc3cd4d22004530c3a5ca5c4299a9 The OpenSSF Package Analysis project identified 'image-memory' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...
CGA-PRJ6-RP27-GHPR
Bulletin has no description...
MAL-2025-41272 Malicious code in tombac-icons (npm)
Source: ossf-package-analysis a3cbbd454182b1e77985f474c87e277b8b0e4efa49cc80edb90c60f7d3a12914 The OpenSSF Package Analysis project identified 'tombac-icons' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
CVE-2025-57768
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768
Phproject (versions 1.8.0–1.8.2; fixed in 1.8.3) contains a Stored XSS in the Planned Hours field during project creation. A POST to /issues/new/ echoes the planned_hours value in the HTML without encoding/sanitization, allowing an attacker-supplied payload (e.g., ) to execute in the browser. The ...
MAL-2025-41259 Malicious code in amp-metrics (npm)
Source: ghsa-malware dacbeb50af065a576ade73d084e6ac504cb061d33ebdb8fe8d72839b926e9d59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Phproject cross-site scripting vulnerability
Phproject is a project management system for Alan's personal developers. The system supports issue management, task management and dashboard features. A cross-site scripting vulnerability exists in versions of Phproject prior to 1.8.0 through 1.8.3, which stems from the presence of stored...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-4962
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...