9 matches found
Net::CIDR::Set 安全漏洞
Net::CIDR::Set is a Perl network address management library developed by RRWO’s individual developers. Versions of Net::CIDR::Set prior to 0.20 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of IP addresses. The add method called the encode method ...
CVE-2026-45609
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-38111)
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...
Information Exposure
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the includes/user/User.ph...
CVE-2025-6593
CVE-2025-6593 affects Wikimedia Foundation MediaWiki. A remote attacker could entice a user to interact with malicious content in includes/user/User.Php, potentially leading to disclosure of limited sensitive information. Affected versions include MediaWiki 1.27.0 before 1.39.13, 1.42.7–1.43.2, a...
Linux Distros Unpatched Vulnerability : CVE-2023-7028
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5,...
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index PyPI repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gai...
CasaOS 访问控制错误漏洞
CasaOS is a simple, easy-to-use and elegant open source home cloud system. An Access Control Error vulnerability exists in CasaOS versions prior to 0.4.4 that stems from a lack of authenticated IP addresses. An attacker can exploit the vulnerability to execute arbitrary commands as root...
The vulnerability of the Content Library component of the VMware vCenter Server management tool allows a attacker to perform an SSRF attack.
The vulnerability of the Content Library component in the VMware vCenter Server management tool is related to insufficient verification of URL addresses. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack using a specially created POST request...