Improper Privilege Management
Overview: Affected versions of this package are vulnerable to Improper Privilege Management via the IsAdmin field in the user profile update process. An attacker can gain unauthorized administrative privileges by sending a crafted PUT request to their own user profile endpoint with IsAdmin set to...
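The flaw described above is the mass-assignment pattern: the PUT body is decoded straight into the stored user record, so any JSON key that matches a struct field, IsAdmin included, is accepted from the client. The example below is added here to show the vulnerable shape beside a hardened one; it is not code from the affected package (which this page does not name), and the User struct, the profileUpdate allow-list type and the craftedBody payload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// User is the stored account record. IsAdmin must never be writable through
// the self-service profile endpoint. (The struct shape is assumed; the
// advisory only names the IsAdmin field.)
type User struct {
	ID      int    `json:"id"`
	Name    string `json:"name"`
	Email   string `json:"email"`
	IsAdmin bool   `json:"isAdmin"`
}

// updateProfileVulnerable mirrors the flaw the advisory describes: the PUT
// body is decoded directly into the stored record, so every tagged struct
// field, IsAdmin included, can be set by the requesting user.
func updateProfileVulnerable(current User, body []byte) (User, error) {
	if err := json.Unmarshal(body, &current); err != nil {
		return current, err
	}
	return current, nil
}

// profileUpdate is the allow-list of fields a user may change themselves.
// Pointer fields distinguish "key absent" from "key set to the zero value".
type profileUpdate struct {
	Name  *string `json:"name"`
	Email *string `json:"email"`
}

// updateProfileSafe decodes into the allow-list type and copies only those
// fields onto the record. DisallowUnknownFields makes a body that carries
// isAdmin fail loudly instead of being silently dropped, which is the
// behaviour you want for a security-relevant field.
func updateProfileSafe(current User, body []byte) (User, error) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	var in profileUpdate
	if err := dec.Decode(&in); err != nil {
		return current, err
	}
	if in.Name != nil {
		current.Name = *in.Name
	}
	if in.Email != nil {
		current.Email = *in.Email
	}
	return current, nil
}

// craftedBody is a constructed sample of the PUT payload an attacker would
// send to their own profile endpoint.
const craftedBody = `{"name":"mallory","isAdmin":true}`

func main() {
	alice := User{ID: 42, Name: "alice", Email: "alice@example.test"}

	got, err := updateProfileVulnerable(alice, []byte(craftedBody))
	fmt.Printf("vulnerable: isAdmin=%v err=%v\n", got.IsAdmin, err)

	got, err = updateProfileSafe(alice, []byte(craftedBody))
	fmt.Printf("safe:       isAdmin=%v err=%v\n", got.IsAdmin, err)
}
```

Decoding into a dedicated request type rather than the persistence model is the general fix; rejecting unknown keys is optional hardening that also surfaces tampering attempts in logs. Note that encoding/json matches keys case-insensitively, so "IsAdmin", "isadmin" and "isAdmin" all hit the same field in the vulnerable handler.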
Use of Uninitialized Variable
Overview: Affected versions of this package are vulnerable to Use of Uninitialized Variable due to improper handling of the usedTraffic field in the processPieceFromSource method. An attacker can cause service disruption for a peer by exploiting incorrect rate limiting during task processing...
CVE-2025-22142
CVE-2025-22142 concerns NamelessMC. The vulnerability allows cross-site scripting via an admin-enabled extra field where a user may inject JavaScript that executes when a staff member views the user’s profile on the staff panel. Affected version details are not all consistently stated across sour...
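The stored XSS above works because a value written by a low-privilege user is later rendered, unescaped, into a page viewed by a higher-privilege staff member. The example below is added here to show the difference between raw interpolation and context-aware escaping; it is not NamelessMC code (which is PHP) and the table-row template, the field name "Discord" and the extraFieldValue payload are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltmpl "html/template"
	"strings"
	texttmpl "text/template"
)

// extraFieldValue is a constructed sample of what a user could store in an
// admin-enabled extra profile field.
const extraFieldValue = `<img src=x onerror="alert(document.cookie)">`

// rowTemplate stands in for the staff-panel fragment that displays the field.
// The real NamelessMC markup is not reproduced here.
const rowTemplate = `<tr><th>Discord</th><td>{{.Value}}</td></tr>`

type row struct{ Value string }

// renderRaw interpolates the stored value without escaping, as string
// concatenation or a non-HTML-aware template engine would. When this output
// reaches a staff member's browser the onerror handler runs in their session.
func renderRaw(value string) (string, error) {
	t, err := texttmpl.New("row").Parse(rowTemplate)
	if err != nil {
		return "", err
	}
	var b bytes.Buffer
	if err := t.Execute(&b, row{Value: value}); err != nil {
		return "", err
	}
	return b.String(), nil
}

// renderEscaped uses html/template, which knows the value lands in HTML text
// context and encodes <, >, &, " and ' accordingly, so the payload is shown
// as literal text instead of being parsed as a tag.
func renderEscaped(value string) (string, error) {
	t, err := htmltmpl.New("row").Parse(rowTemplate)
	if err != nil {
		return "", err
	}
	var b bytes.Buffer
	if err := t.Execute(&b, row{Value: value}); err != nil {
		return "", err
	}
	return b.String(), nil
}

// isNeutralized is a coarse check used only to make the result visible: an
// escaped rendering must not contain a literal <img tag start.
func isNeutralized(rendered string) bool {
	return !strings.Contains(rendered, "<img")
}

func main() {
	raw, _ := renderRaw(extraFieldValue)
	esc, _ := renderEscaped(extraFieldValue)
	fmt.Printf("raw:     %s  neutralized=%v\n", raw, isNeutralized(raw))
	fmt.Printf("escaped: %s  neutralized=%v\n", esc, isNeutralized(esc))
}
```

Escaping must be chosen for the context the value is inserted into (HTML body, attribute, URL, JavaScript); html/template selects it per placeholder, whereas a single global "sanitize on input" step cannot. A Content-Security-Policy that disallows inline handlers limits the impact of any rendering path that is missed.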
PT-2024-40295 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: thelia/thelia versions 2.1.0-beta1 through 2.1.2
Description: An authentication bypass issue was identified, affecting both customer and admin authentication.
Recommendations: For thelia/thelia versions 2.1.0-beta1 through 2.1.2, update to...
PT-2023-33067 · Stripe +2 · Stripe +2
Name of the Vulnerable Software and Affected Versions: Vendure versions prior to 2.1.3
Description: The issue allows selecting any currency code, not limited to those assigned to the channel, and completing payments through Mollie and Stripe in that currency. This results in orders being settled ...
[SECURITY] New version of glibc released
Package: glibc
Vulnerability: local exploit
Debian-specific: no
Recently two problems have been found in the glibc suite which could be used to trick setuid applications into running arbitrary code. The first problem is the way ld.so handles environment variables: in order to provide a safe environmen...