EUVD-2026-36279
Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...
Vulnerabilities fixed in SAP Products
SAP has fixed vulnerabilities in several SAP products. The vulnerabilities include a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary OS commands, and a CSRF vulnerability that allows authenticated attackers to bypass critical authorization controls. In...
EUVD-2021-28941
Malicious code in bioql PyPI...
EUVD-2024-3179
Malicious code in bioql PyPI...
TencentOS Server 4: python-openstackclient (TSSA-2024:1090)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1090 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2024-54683
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock. Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs:...
AZL-55771 CVE-2024-54683 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock. Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs:...
Race Condition
OpenStack is vulnerable to a race condition. The vulnerability is due to inadequate validation when deleting non-existent access rules, leading to the removal of unrelated existing access rules that lack application credential associations...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-openstackclient) security update
An update for python-openstackclient is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
kernel: use-after-free in netfilter: nf_tables
A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. When nf_tables_delrule is flushing table rules, it is not checked whether the chain is bound, and the chain's owner rule can release the objects in...
kernel: net/mlx5: Fix steering rules cleanup
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup. The vport's mc, uc and multicast rules are not deleted in the teardown path when EEH happens. Since the vport's promisc settings (uc, mc and all) in firmware are reset after EEH, the mlx5 driver will try to...
CVE-2021-41946
In FiberHome VDSL2 Modem HG150-UbV3.0, there is a stored cross-site scripting (XSS) vulnerability in the Parental Control -- Access Time Restriction -- Username field; a user cannot delete the rule due to the XSS...
Cross site scripting
In FiberHome VDSL2 Modem HG150-UbV3.0, there is a stored cross-site scripting (XSS) vulnerability in the Parental Control -- Access Time Restriction -- Username field; a user cannot delete the rule due to the XSS...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
Description: An attacker is able to delete any rule with a CSRF attack. It does not matter whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...