117 matches found
CLSA-2026-1772646645 butane: Fix of CVE-2025-61729
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing...
CLSA-2026-1772619878 runc: Fix of 3 CVEs
rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...
CLSA-2026-1772456031 runc: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE's - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...
CLSA-2026-1772455449 buildah: Fix of 3 CVEs
rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE's - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...
RLSA-2026:3343 Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang:...
CVE-2025-59873
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...
CVE-2025-59873 Session Token Exposure via URL Query Parameters
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...
CVE-2025-59873
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters . An attacker who gains access to any network log or operates a site linked from the...
CVE-2025-59873
CVE-2025-59873 describes an information exposure in HCL Software ZIE for Web (v16) where the application transmits sensitive session tokens and authentication identifiers in URL query parameters. The root cause is tokens/identifiers being exposed via URLs, enabling session hijacking when an attac...
Important: Red Hat Security Advisory: grafana-pcp security update
An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
CVE-2026-22644
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...
CVE-2025-69270
Broadcom DX NetOps Spectrum 24.3.8 and earlier are affected by Information Exposure Through Query Strings in GET Requests, enabling potential session hijacking on Windows and Linux. The vulnerability arises from information disclosure via GET request query strings, which could allow an attacker t...
CVE-2023-50328
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...
EUVD-2026-0927
Malicious code in @crepo/crepo-url-query-mapper npm...
Malicious code in @crepo/crepo-url-query-mapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8556f30a48d0b1c957d0d66394801c28e6259503ed20f4cbf900102b962ee5f The package @crepo/crepo-url-query-mapper was found to contain malicious code. Source: ossf-package-analysis...
Masa CMS 跨站脚本漏洞
Masa CMS is a digital experience platform. A cross-site scripting vulnerability exists in Masa CMS versions 7.2.8 and earlier, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8, and 7.5.0 through 7.5.1, which stems from an ajax URL query parameter that is not cleaned up and included directly in t...
CVE-2025-62254
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...