82 matches found
PYSEC-2026-113
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
PT-2026-3464
Name of the Vulnerable Software and Affected Versions OpenProject versions 16.3.0 through 16.6.4 Description OpenProject is a web-based project management software. A stored cross-site scripting issue exists in the Roadmap view. The issue occurs when a version contains work packages from a...
EUVD-2026-0825
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...
Veeam Backup & Replication 13.0.1 In-Place Upgrade Version Requirement
Challenge When attempting to upgrade an existing Veeam Backup & Replication deployment to version 13.0.1, the installer displays a message stating: Unable to upgrade Veeam Backup & Replication: you can upgrade from version 12.3.1.1139 or later only. Solution Before attempting an in-place upgrade ...
CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware
DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...
D-Link DI-500WF os Command Injection Vulnerability
The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...
D-Link DI-500WF 安全漏洞
The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...
Linux Distros Unpatched Vulnerability : CVE-2023-1428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x...
Linux Distros Unpatched Vulnerability : CVE-2023-50291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of th...
Linux Distros Unpatched Vulnerability : CVE-2025-5889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the functi...
CRLF Injection
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to CRLF Injection during the e-mail registration. An attacker can cause the system to send unsolicited emails...
PT-2025-27253 · Sublinkx · Sublinkx
Name of the Vulnerable Software and Affected Versions: gooaclok819 sublinkX versions up to 1.8 Description: A critical issue has been found, affecting the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. This issue can be exploited...
CVE-2025-6166 frdel Agent-Zero image_get.py image_get path traversal
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function imageget of the file /python/api/imageget.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The...
Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)
Kibana arbitrary code execution via prototype pollution ESA-2025-07 A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Affected Versions: 8.3.0 to 8.17.5, and 8.18.0, and 9.0.0 Affected...
PT-2025-4819 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the latest supported version Description: The issue concerns the use of End-of-Life EOL versions of Node.js, which are no longer supported and do not receive updates, including security patches. This may expose syste...
Websites were able to send any requests to the development server and read the response in vite
Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. !WARNING This vulnerability even applies to users that only run the Vite dev server on the loc...
python-requests security update
2.20.0-5 - Security fix for CVE-2024-35195 Resolves: RHEL-37605 2.20.0-4 - Bump release to fix upgrade path from 2.20.0-2.1.el81 via 2.20.0-3.el88 to 2.20.0-4.el8 Related: rhbz2209469...
PT-2024-35496 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: An issue allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. This can...
PT-2024-32379 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.54.10 Zitadel versions from 2.55.0 through 2.55.7 Zitadel versions from 2.56.0 through 2.56.5 Zitadel versions from 2.57.0 through 2.57.4 Zitadel versions from 2.58.0 through 2.58.4 Zitadel versions from 2.59.0...
PT-2024-29502 · Qwik +1 · Qwik +1
Name of the Vulnerable Software and Affected Versions: Qwik versions prior to 1.6.0 @builder.io/qwik versions prior to 1.7.3 Description: A potential mutation XSS vulnerability exists in Qwik due to improper HTML escaping on server-side rendering. This occurs because Qwik converts strings accordi...