65 matches found
CVE-2026-44696
OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...
CVE-2026-40556
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Red Hat Enterprise Linux 安全漏洞
Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat Corporation. Red Hat Enterprise Linux 10 contains a security vulnerability. This vulnerability arises from an improper permission setting in the /.local directory within an environment with a relaxed...
Improper Encoding or Escaping of Output
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...
CVE-2019-7656
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/ core program files. By injecting a payload into one of those files...
SUSE-SU-2025:21026-1 Security update for samba
This update for samba fixes the following issues: Update to 4.22.5: CVE-2025-10230: Command injection via WINS server hook script bsc1251280. CVE-2025-9640: uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - Relax samba-gpupdate requirement for cepces, certmonger, and sscep to a...
PT-2025-52900
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the ' ocfs2 move extent' function. The function previously used 'BUG' which could cause the entire kernel to crash due to filesystem corruption...
Malicious code in relaxed_orangutan_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5323efd7baca7ee888d486574e7d316ca01b6cc60d4e4f69e3d5a068f8df3438 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-95460
Malicious code in relaxedorangutanz3n npm...
EUVD-2025-95461
Malicious code in relaxedlungfishz3n npm...
MAL-2025-122839 Malicious code in relaxed_lungfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b4105df1bf0a04f574cd45a025fe5ef020f04e0ebb48a018465ff8c0855638b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-89204
Malicious code in relaxedlampreyz3n npm...
EUVD-2025-89205
Malicious code in relaxedbeetlez3n npm...
Malicious code in relaxed_lamprey_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c41f0999be44cd85ab210e9515b5392afab6c3ee7b0fb315baac2293cbfcda80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-80761
Malicious code in relaxedflamingodumbs npm...
EUVD-2025-80760
Malicious code in relaxedsnipereplicateautomation npm...
EUVD-2025-68298
Malicious code in relaxedcrabz3n npm...
EUVD-2025-74026
Malicious code in relaxedcardinalz3n npm...
EUVD-2025-74027
Malicious code in relaxedbeaverz3n npm...
MAL-2025-96263 Malicious code in relaxed_beaver_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc59b67991259cb28d7b650c8bfb258081ebb52f2134193c8406a381110e7407 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...