Astra Linux - уязвимость в apache2

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some uses of the legacy content-type-based configuration of handlers. Configurations like “AddType” and similar ones, under certain circumstances where files are requested indirectly, can lead to exposure of local...

CVE-2026-6332

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

CVE-2026-6402

A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remote attacker can exploit a cross-origin source code exposure vulnerability. This allows a malicious website, visited by a developer, to load the bundled application source code as a script and read ...

PT-2026-25834

Name of the Vulnerable Software and Affected Versions ChargePoint Home Flex affected versions not specified Description The ChargePoint Home Flex software contains an information disclosure issue. Sensitive information was included in the source code. The issue was discovered by Sina Kheirkhah of...

CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

EUVD-2026-8763

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVE-2026-2250

METIS WIC devices expose /dbviewer/ without authentication, allowing remote access to an internal telemetry SQLite database containing sensitive operational data. The issue is compounded by debug mode being enabled, which returns verbose Django tracebacks that disclose backend source code, local ...

CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.Js React Server Components RSC Vulnerabilities This re...

Exploit for CVE-2025-55183

CVE-2025-55183 - Next.js RSC Server Function Source Code Discl...

Exploit for CVE-2025-55183

CVE-2025-55183-poc – Next.js React Server Components Server Fu...

EUVD-2020-2570

Malware in sbrugna...

EUVD-2025-5922

Malicious code in bioql PyPI...

EUVD-2024-38335

Malicious code in bioql PyPI...

EUVD-2023-35162

Malicious code in bioql PyPI...

EUVD-2023-30960

Malicious code in bioql PyPI...

SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2025:03422-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03422-1 advisory. - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674...

SUSE SLES12 Security Update : apache2-mod_security2 (SUSE-SU-2025:03423-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03423-1 advisory. - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674 Tenable has extracted the...

Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure bsc1247674 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...