377 matches found
CVE-2021-32812
Monkshu is an enterprise application server for mobile apps iOS and Android, responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a...
CVE-2019-9749
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker server, it mishandles incoming network messages. After processing a crafted packet, the plugin's mqttpacketdrop function in /plugins/inmqtt/mqttprot.c executes the memmove functio...
CWA Mac 2503: Launch Failure “no Citrix SSL server configured on the specified address”
Users who are on Citrix Workspace app for Mac 2503, attempting to launch Citrix sessions, may encounter a failure. The following error message is displayed to the end user: “No Citrix SSL Server configured on the specified address." as below...
Citrix License Server - Error "The License Activation Service entitlement could not be retrieved"
After upgrading the License Server to the latest version License Server 11.17.2.0, Build 51000, the following warning message is observed: "The License Activation Service entitlement could not be retrieved. Check your connection to License Activation Service and restart the web services used for...
CVE-2025-32959
CVE-2025-32959 affects CUBA Platform: before 7.2.23 the local file storage does not restrict uploaded file sizes, allowing an attacker to exhaust server disk space and cause HTTP 500 DoS. The issue is fixed in 7.2.23; a workaround is documented in Jmix files vulnerability guidance. Applied mitiga...
CVE-2024-49705
Technical details are not publicly provided in the supplied documents. Monitor for updates.
GHSA-879V-FGGM-VXW2 LiteLLM Has a Leakage of Langfuse API Keys
In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...
CVE-2024-11040
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-11040
CVE-2024-11040 entry is rejected and not used; duplicate of CVE-2024-8939.
CVE-2024-11040
...
CVE-2025-0330 Exposure of Sensitive Information in berriai/litellm
In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...
PT-2025-5746 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)
The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)
The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-787)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-787 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.97 Fixed CVEs: CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt Add: 55470:...
Astra Linux – Vulnerability in PostgresSQL-15
The use of server error messages by clients in PostgreSQL allows a server that is not trusted under current SSL or GSS settings to send arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message claiming that a human user or someone...
CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10977)
The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10977 advisory. - Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS...
CVE-2024-10977
A flaw was found in PostgreSQL's error message handling. This vulnerability allows a Man-in-the-middle attacker to inject arbitrary non-NUL bytes into the libpq application via a server error message. Mitigation Make sure PostgreSQL is configured to use trusted SSL or GSS settings to prevent...