Missing Authorization
Overview: vitest is a next-generation testing framework powered by Vite. Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshot...
CVE-2026-45311
CodeWhale is a DeepSeek + MiMo coding agent in the terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...
PT-2025-45477
Name of the Vulnerable Software and Affected Versions: MatchMaster version 1.0. Description: A Cross-Site Scripting (XSS) issue exists in MatchMaster. The application does not properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test...
OPENSUSE-SU-2024:0194-2 Security update for keybase-client
This update for keybase-client fixes the following issues:
- Update to version 6.2.8
- Update client CA
- Fix incomplete locking in config file handling.
- Update the Image dependency to address CVE-2023-29408 / boo1213928. This is done via the new update-image-tiff.patch.
- Limit parallel test executi...
GHSA-P6RP-MX85-M459 Spring Cloud Contract vulnerable to local information disclosure
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via a temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via a temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
de.tracetronic.jenkins.plugins:ecu-test-execution (>=3.0 <=3.4), jp.ikedam.jenkins.plugins:extensible-choice-parameter (=1.8.1) +2 more potentially affected by CVE-2022-30946 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1158.v7c1b_73a_69a_08)
org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =3.0, =3.4
- jp.ikedam.jenkins.plugins:extensible-choice-parameter =1.8.1
- org.jenkins-ci.plugins:applitools-eyes =1.16.4
- org.jenkins-ci.plugins:gradle =2.12.0.1
Source cves: CVE-2022-30946
Source advisory:...
Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code
Kodex Community Edition (CE) is an open-source toolkit for privacy and security engineering. It helps you automate data security and data protection measures in your data engineering workflows. It offers the following functionality: read data items from a variety of sources such as files,...
What is API Testing? Benefits, Types, How To Start
Introduction: APIs are becoming very important in our modern world, and as technology advances, so will our reliance on them. Everything that communicates on the internet these days is talking to an API (Application Programming Interface), and as we implement them in our technologies we also need to take...
mariadb-connector-c security, bug fix, and enhancement update
3.1.11-2
- Require specific minimal version of the 'mariadb' package, if it is installed
3.1.11-1
- Rebase to 3.1.11
3.1.9-1
- Rebase to 3.1.9
- Overlinking issues fixed by upstream in 3.1.3 release
- Add explicit conflict between mariadb-connector-c-devel and mysql-devel packages
3.1.2-1
- Rebase...
ActiveReign - A Network Enumeration And Attack Toolset
Background: A while back I was challenged to write a discovery tool with Python3 that could automate the process of finding sensitive information on network file shares. After writing the entire tool with pysmb, and adding features such as the ability to open and scan docx and xlsx files, I slowly...
Microsoft Windows PPL Process Injection Privilege Escalation Exploit
Exploit for Windows platform in category dos / poc.
Windows: PPL Process Injection EoP
Platform: Windows 10 1703 x64
Class: Elevation of Privilege
Summary: It's possible to inject code into a PPL protected process by hijacking COM objects, leading to accessing PPL processes such as Lsa and...
Security and Privacy Assurance Research: SPARTA Framework
Developed as a part of MIT Lincoln Laboratory's test and evaluation role in the SPAR (Security and Privacy Assurance Research) program, the SPARTA (SPAR Testing and Assessment) framework is a set of software applications used to evaluate the functionality and...
TestLink 1.9.3 SQL Injection
------------------ Information ------------------
Name: SQL Injection Vulnerabilities in TestLink
Software tested: TL v1.8.5b & checked in v1.9.3 (prior versions may be affected)
Vendor Homepage: http://www.teamst.org
Vendor Notification: 27 January 2012
Vendor Patch: 4 February 2012
Public...
Core Security Technologies Advisory 2009.1013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System
1. Advisory Information
Title: Multiple XSS and Injection Vulnerabilities ...