Lucene search

13 matches found

CVE
added 2026/04/02 5:31 p.m. · 3 views

CVE-2026-34584

The CVE affects listmonk (standalone, self-hosted newsletter/mailing list app). From version 4.1.0 up to, but not including, 6.1.0, bugs in list permission checks allow users in multi-user environments to access lists they should not access. This could expose restricted lists under different scen...

CVSS 5.4 · AI score 5.8 · EPSS 0.00039
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/10/17 6:44 p.m. · 6 views

CVE-2025-62413

MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...

CVSS 6.1 · AI score 6.1 · EPSS 0.00043
Exploits 0 · References 1
CVE
added 2025/10/16 6:0 p.m. · 9 views

CVE-2025-62413

MQTTX v1.12.0 contains an XSS in the message viewer caused by improper rendering of MQTT payloads (HTML/JS). This can execute scripts in the app UI and potentially access credentials or trigger actions. The issue is fixed in v1.12.1; upgrading to 1.12.1 is the recommended remediation. The vulnera...

CVSS 6.1 · AI score 5.7 · EPSS 0.00043
Exploits 0 · References 2
EUVD
added 2025/10/16 6:0 p.m. · 2 views

EUVD-2025-34812

MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...

CVSS 6.1 · AI score 5.6 · EPSS 0.00043
Exploits 0 · References 2
Github Security Blog
added 2025/06/10 9:31 p.m. · 3 views

@nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · AI score 7 · EPSS 0.00168
Exploits 0 · References 5 · Affected Software 1
CVE
added 2025/06/10 7:23 p.m. · 51 views

CVE-2025-36852

CVE-2025-36852 describes a critical vulnerability in remote cache extensions used by build systems with bucket-based remote caches (e.g., Amazon S3, Google Cloud Storage). The issue allows contributors with pull request privileges to inject compromised artifacts from untrusted environments into t...

CVSS 9.4 · AI score 7.2 · EPSS 0.00168
Exploits 0 · References 1
Cvelist
added 2025/06/10 7:23 p.m. · 35 views

CVE-2025-36852 Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS 9.4 · EPSS 0.00168
Exploits 0 · References 1
Positive Technologies
added 2025/06/10 12:0 a.m. · 3 views

PT-2025-24926 · Nx +1 · Aws S3 Remote Cache Plugin For Nx +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical security issue exists in remote cache extensions for common build systems that utilize bucket-based remote cache, such as those using Amazon S3 or Google Cloud Storage. This issue...

CVSS 9.4 · AI score 6.2 · EPSS 0.00168
Exploits 0 · References 9
RedhatCVE
added 2025/02/18 6:25 p.m. · 7 views

CVE-2024-45779

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a he...

CVSS 6 · AI score 6.9 · EPSS 0.00017
Exploits 0 · References 4
Positive Technologies
added 2022/11/06 12:0 a.m. · 3 views

PT-2022-27388 · Tenda · Tenda Ax12

Name of the Vulnerable Software and Affected Versions: Tenda AX12 version V22.03.01.16 cn Description: The issue is related to command injection via the goform/fast setting internet set API endpoint. This allows for potential malicious commands to be executed. Recommendations: For Tenda AX12...

CVSS 9 · AI score 7.3 · EPSS 0.17486
Exploits 1 · References 5
Github Security Blog
added 2019/07/02 3:28 p.m. · 35 views

Path Traversal vulnerability that affects yard

Possible arbitrary path traversal and file access via yard server. Impact: A path traversal vulnerability was discovered in YARD = 0.9.19 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host unde...

CVSS 7.5 · AI score 1.1 · EPSS 0.00246
Exploits 0 · References 4 · Affected Software 1
OSV
added 2019/07/02 3:28 p.m. · 20 views

GHSA-XFHH-RX56-RXCR Path Traversal vulnerability that affects yard

Possible arbitrary path traversal and file access via yard server. Impact: A path traversal vulnerability was discovered in YARD = 0.9.19 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host unde...

CVSS 7.5 · AI score 6.3 · EPSS 0.00246
Exploits 0 · References 4
UbuntuCve
added 2012/08/31 6:55 p.m. · 38 views

CVE-2012-4245

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command...

CVSS 6.8 · AI score 7.4 · EPSS 0.01077
Exploits 0 · References 6