28734 matches found
CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
DEBIAN-CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
UBUNTU-CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192 Apache Commons OGNL: Expression Injection leading to RCE
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...
CVE-2025-53192
Apache Commons OGNL (OGNL library) contains an improper neutralization of expression/command delimiters when using Ognl.getValue, allowing bypass of blocklisted dangerous classes and potentially enabling arbitrary code execution. Affected: OGNL engine across versions; impact noted as high (CVE-20...
CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...
CVE-2025-4962
An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
CVE-2025-4962
CVE-2025-4962 describes an Insecure Direct Object Reference (IDOR) in Lunary API. The vulnerability exists in the endpoint POST /v1/templates and allows an authenticated user to create templates in another user’s project by manipulating the projectId query parameter. Root cause: missing server-si...
CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability was identified in the POST /v1/templates endpoint of the Lunary API, affecting versions up to 0.8.8. This vulnerability allows authenticated users to create templates in another user's project by altering the projectId query parameter. The ro...
GO-2025-3873 Komari vulnerable to 2FA Authentication Bypass in github.com/komari-monitor/komari
Komari vulnerable to 2FA Authentication Bypass in github.com/komari-monitor/komari...
Malicious code in swiv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 945d4a5f54e77ae66588b5b64aa30eb2627903bffcb72a3031b9c4b6b2122b43 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PT-2025-33693 · Apache +1 · Apache Commons Ognl +1
Name of the Vulnerable Software and Affected Versions: Apache Commons OGNL affected versions not specified Description: An improper neutralization of expression/command delimiters issue exists in Apache Commons OGNL. The OGNL engine, when used with the Ognl.getValue API, parses and evaluates...
PT-2025-33652 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: Lunary versions up to 0.8.8 Description: An Insecure Direct Object Reference IDOR vulnerability exists in the POST /v1/templates endpoint of the Lunary API. The vulnerability allows authenticated users to create templates in another user's...
Linux Distros Unpatched Vulnerability : CVE-2022-1193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details...
Linux Distros Unpatched Vulnerability : CVE-2023-1084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15....
Linux Distros Unpatched Vulnerability : CVE-2020-13303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can acces...
Linux Distros Unpatched Vulnerability : CVE-2021-22228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14...