555 matches found
EUVD-2024-2484
Malicious code in bioql PyPI...
EUVD-2022-30592
Malicious code in bioql PyPI...
geminabox
It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...
CVE-2025-54255 Acrobat Reader | Violation of Secure Design Principles (CWE-657)
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not...
CVE-2025-54252
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application...
ruby-dragonfly
This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...
Spring Framework MVC Applications Path Traversal Vulnerability
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...
Adobe Commerce 安全漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has a security vulnerability that can be exploited by an attacker to cause a security feature bypass...
NewStart CGSL MAIN 7.02 : python-pynacl Vulnerability (NS-SA-2025-0193)
The remote NewStart CGSL host, running version MAIN 7.02, has python-pynacl packages installed that are affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks suc...
NewStart CGSL MAIN 7.02 : libssh Vulnerability (NS-SA-2025-0184)
The remote NewStart CGSL host, running version MAIN 7.02, has libssh packages installed that are affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that...
PT-2025-27570 · Unknown · Trust Wallet
Name of the Vulnerable Software and Affected Versions: Trust Wallet version 8.45 Description: The issue is related to insufficient validation of the screen lock mechanism, allowing physically proximate attackers to bypass the lock screen and view the wallet balance. Recommendations: For Trust...
[SECURITY] Fedora 41 Update: keylime-agent-rust-0.2.7-5.fc41
Rust agent for Keylime...
Fedora 42 : kea (2025-dc6ec0a8e2)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-dc6ec0a8e2 advisory. - New version 2.6.3 rhbz2368989 - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 - kea.conf: Remove /tmp/ from socket-name for existing...
CVE-2024-45313
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
CVE-2024-20821
A vulnerability possible to reconfigure OTP allows local attackers to transit RMAReturn Merchandise Authorization mode, which disables security features. This attack needs additional privilege to control TEE...
CVE-2019-15685
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and...
CVE-2019-10885
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context...
CVE-2017-8776
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the...
CVE-2025-20191
A vulnerability in the Switch Integrated Security Features SISF of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected...
CVE-2025-20191 Multiple Cisco Products Denial of Service Vulnerability
A vulnerability in the Switch Integrated Security Features SISF of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller WLC AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected...