36 matches found

RedhatCVE
added 2026/02/11 1:16 p.m. · 3 views

CVE-2026-25957

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

6.5 CVSS · 5.5 AI score · 0.0002 EPSS
Exploits 0 · References 1
NVD
added 2026/02/04 9:15 p.m. · 4 views

CVE-2026-0945

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation. This issue affects Role Delegation: from 1.3.0 before 1.5.0...

8.8 CVSS · 0.00016 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2012-2231

Malware in sbrugna...

6.1 CVSS · 6.1 AI score · 0.05634 EPSS
Exploits 1 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2014-0174

Malware in sbrugna...

4.3 CVSS · 5.8 AI score · 0.00389 EPSS
Exploits 1 · References 6
CNNVD
added 2023/03/14 12:0 a.m. · 0 views

KDAB Hotspot Race Condition Vulnerability

KDAB Hotspot is an application for KDAB individual developers. Create a standalone GUI for performance data. A security vulnerability exists in KDAB Hotspot version 1.3.x and 1.4.1 and prior versions 1.4.x. The vulnerability stems from the presence of a race condition that can be exploited by an...

7 CVSS · 7 AI score · 0.0008 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2023/02/10 12:0 a.m. · 18 views

Apache HTTP Server SEoL (1.4.x <= x <= 2.0.x)

According to its version, Apache HTTP Server is between 1.4.x and 2.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

5.5 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/12/27 12:0 a.m. · 1 view

PT-2022-9030 · Openmrs · Openmrs Admin Ui Module

Name of the Vulnerable Software and Affected Versions: OpenMRS Admin UI Module versions up to 1.4.x
Description: A problematic vulnerability has been found in the OpenMRS Admin UI Module, affecting the sendErrorMessage function of the AccountPageController.java file, part of the Account Setup...

6.1 CVSS · 4.3 AI score · 0.00285 EPSS
Exploits 0 · References 9
Japan Vulnerability Notes
added 2022/11/21 6:31 a.m. · 3 views

Typora fails to properly neutralize JavaScript code.

Overview: Typora fails to properly neutralize JavaScript code (CWE-116). Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impact: Opening a file with the affected product may lead to...

6.1 CVSS · 6.8 AI score · 0.00542 EPSS
Exploits 0 · References 5
CNVD
added 2020/07/28 12:0 a.m. · 1 view

OpenDMARC Resource Management Error Vulnerability

OpenDMARC is an open source implementation of the DMARC (Domain-based Message Authentication, Reporting and Conformance) specification from The Trusted Domain project. A resource management error vulnerability exists in the 'opendmarcxmlparse' function in OpenDMARC versions 1.3.2 and earlier and...

9.8 CVSS · 6.9 AI score · 0.14593 EPSS
Exploits 1 · References 1
Prion
added 2019/07/23 11:15 p.m. · 11 views

Design/Logic Flaw

Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information...

4 CVSS · 4.6 AI score · 0.00177 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/05/23 8:39 a.m. · 28 views

GHSA-4X49-W62V-76Q7 Path Traversal in Spring Cloud Config

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5 CVSS · 6.5 AI score · 0.91358 EPSS
Exploits 6 · References 4
CVE
added 2019/05/06 3:21 p.m. · 164 views

CVE-2019-3799

The CVE-2019-3799 entries describe a Local File Inclusion/Directory Traversal vulnerability in Spring Cloud Config Server. Affected versions are Spring Cloud Config Server 2.1.x before 2.1.2, 2.0.x before 2.0.4, and 1.4.x before 1.4.6, plus older unsupported releases. An unauthenticated attacker ...

6.5 CVSS · 6.3 AI score · 0.91358 EPSS
Exploits 6 · References 2 · Affected Software 1
Prion
added 2018/03/13 5:29 p.m. · 25 views

Design/Logic Flaw

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

6.3 CVSS · 5.8 AI score · 0.00265 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2018/03/13 5:29 p.m. · 18 views

CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

5.6 CVSS · 5.8 AI score
Exploits 0 · References 2
Debian CVE
added 2018/03/13 5:0 p.m. · 32 views

CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running...

7.1 CVSS · 6.3 AI score · 0.00265 EPSS
Exploits 0
Cvelist
added 2018/03/13 5:0 p.m. · 24 views

CVE-2017-1002101

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type including non-privileged pods, subject to file permissions can access files/directories outside of the volume, including the host's filesyste...

8.8 CVSS · 8.6 AI score · 0.33507 EPSS
Exploits 2 · References 4
OSV
added 2017/10/24 6:33 p.m. · 30 views

GHSA-85R7-W5MV-C849 Rack Vulnerable to Path Traversal

rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...

4.3 CVSS · 9.1 AI score · 0.01263 EPSS
Exploits 0 · References 11
CNVD
added 2017/09/11 12:0 a.m. · 0 views

Pivotal Cloud Foundry XML External Entity Injection Vulnerability

Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. Single Sign-On is one of the single sign-on components. An XML external entity injection...

6.5 CVSS · 6.8 AI score · 0.00129 EPSS
Exploits 0 · References 1
RedHat Linux
added 2014/09/10 1:9 p.m. · 0 views

Foreman: Stored Cross Site Scripting

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark...

4.3 CVSS · 5.9 AI score · 0.00389 EPSS
Exploits 1 · References 4
seebug.org
added 2014/07/01 12:0 a.m. · 21 views

Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module SQL Injection Vulnerability

No description provided by source.
Source: http://www.securityfocus.com/bid/26095/info
Asterisk 'asterisk-addons' package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

7.1 AI score
Exploits 0