PT-2026-31705

Name of the Vulnerable Software and Affected Versions flatpak-builder versions 1.4.5 through 1.4.7 Description flatpak-builder, a tool for building flatpaks from source, contains a flaw where the 'license-files' manifest key can be exploited to read arbitrary files from the host system and includ...

CVE-2025-41737

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...

CVE-2025-9982

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

EUVD-2002-1164

Malware in sbrugna...

EUVD-2021-14680

Malware in sbrugna...

EUVD-2020-28934

Malware in sbrugna...

EUVD-2023-23643

Malicious code in bioql PyPI...

EUVD-2025-8849

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-6322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associate...

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)

Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...

Exposed Dangerous Method or Function

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the webpackmodules object. An attacker can...

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from the fact that if a...

CVE-2024-0589

Cross-site scripting XSS vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab versions prior to 16.6.6, 16.7 throug...

PYSEC-2024-14

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access.This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

CVE-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...

PT-2023-8730 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.6.0 Description: The issue is related to the use of files and directories accessible to external parties, which can be exploited by a remote attacker to execute arbitrary code. Different users in InLong...

SUSE CVE-2005-0837

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...

SUSE CVE-2011-4181

A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 for 2.1 and before version 2.3...