2260 matches found
CVE-2025-27401 In Tuleap, deleting a report can delete criteria filters in other reports
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...
CVE-2025-27156 Tuleap allows content injection via emails sent by the mass emailing features
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients' mail...
CVE-2025-27094 Tuleap allows default values to be cleared from field configuration
Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...
CVE-2025-24316
The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...
CVE-2024-27246
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access...
CVE-2024-27245
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access...
PT-2025-7919 · Zoom · Zoom Workplace Sdks +1
Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps and SDKs (affected versions not specified). Description: The issue is related to a use after free condition in some Zoom Workplace Apps and SDKs, which may allow an authenticated user to conduct a denial of service via networ...
TFTP Fetch, Linux Command Shell, Find Port Inline
Fetch and execute a PPC64 payload from a TFTP server. Spawn a shell on an established connection. Module Options: msf use payload/cmd/linux/tftp/ppc64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show...
Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). For mor...
ALSA-2025:1582 Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085). For mor...
RLSA-2025:0426 Moderate: java-21-openjdk security update for Rocky Linux 8.10, 9.4 and 9.5
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling (CVE-2025-21502). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
ALSA-2025:1443 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)...
CVE-2025-22129
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, an...
CVE-2021-35572
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2021-35659
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2021-35658
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2020-2787
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2025-22129
CVE-2025-22129 affects Tuleap (community and enterprise editions) where an unauthorized user could access restricted information. The issue is addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2; users should upgrade. Th...
CVE-2025-24029
CVE-2025-24029 affects Tuleap’s Cross Tracker Search widget: artifact permissions are not verified, allowing access to restricted artifacts for users (including anonymous) when the widget is used in public project dashboards. Affected versions have been addressed by Tuleap: Community Edition 16.3...
PT-2025-3723 · Unknown · Usbxpress Sdk
Name of the Vulnerable Software and Affected Versions: USBXpress SDK (affected versions not specified). Description: The issue is caused by an uncontrolled search path in the USBXpress SDK installer, leading to DLL hijacking vulnerabilities. This can result in privilege escalation and arbitrary code...