25 matches found
EUVD-2025-209792
Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...
CVE-2025-35990
CVE-2025-35990 affects Intel Endpoint Management Assistant (EMA) software prior to version 1.14.5. The vulnerability arises from improper input validation in Ring 3 user-space components, enabling an unauthenticated, low-complexity attacker with adjacent access to cause an escalation of privilege...
PT-2026-40078
Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...
Intel® EMA Software Advisory
Summary: A potential security vulnerability in the Intel® Endpoint Management Assistant (EMA) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35990 Description: Improper input validation...
Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...
EUVD-2020-7573
Malware in sbrugna...
EUVD-2024-40131
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to...
BIT-SUBVERSION-2024-46901 Apache Subversion: mod_dav_svn denial-of-service via control characters in paths
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
PT-2024-32272 · Apache +4 · Apache Subversion +4
Name of the Vulnerable Software and Affected Versions: Apache Subversion versions prior to 1.14.5 Description: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupt...
skopeo security update
2:1.14.5-1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 https://github.com/containers/skopeo/commit/072072b - Resolves: RHEL-40805...
WordPress Clean Login plugin <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by wesley wcraft in WordPress Plugin Clean Login versions <= 1.14.5...
WordPress plugin Clean Login security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-43238
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS. This issue affects weMail: from n/a through 1.14.5...
WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: WPGraphQL; Type: Plugin; Vulnerable versions: <= 1.14.5; Fixed in: 1.14.6; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-23684; Patch priority: Low; CVSS severity: Low (4.4); PSID: b0a8de3a4ab4; Credits: Ravi Dharmawan; Required privilege...
GHSA-C57C-7HRJ-6Q6V Hashicorp Consul vulnerable to denial of service
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3...
PT-2023-9290 · Hashicorp +1 · Hashicorp Consul +2
Name of the Vulnerable Software and Affected Versions: Consul versions prior to 1.14.5 Consul versions prior to 1.15.3 Consul Enterprise versions prior to 1.14.5 Consul Enterprise versions prior to 1.15.3 Description: The cluster peering implementation in Consul and Consul Enterprise contained a...
UBUNTU-CVE-2023-0845
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...
SUSE CVE-2020-6095
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerabili...
Path Traversal in Buildah
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions. Specific Go Packages Affected...