CVE-2026-42321
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
Allocation of Resources Without Limits or Throttling
Overview: Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 10.0.4 or higher. References: Vulnerability Advisor...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 10.0.4 or higher. References: Vulnerability Advisor...
CVE-2021-47768
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...
Import Export Tools NG security vulnerabilities
Import Export Tools NG is an open-source import and export tool developed by thundernest. Version 10.0.4 of Import Export Tools NG contains a security vulnerability. This vulnerability stems from a persistent HTML injection issue in the email export module, which could allow remote attackers to...
EUVD-2021-12669
Malware in sbrugna...
EUVD-2022-41837
Malicious code in bioql PyPI...
EUVD-2022-41781
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...
Linux Distros Unpatched Vulnerability : CVE-2022-39262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text conten...
Linux Distros Unpatched Vulnerability : CVE-2024-56196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to...
Trellix Endpoint Security HX Cross-Site Scripting Vulnerability
Trellix Endpoint Security HX is an endpoint detection and response software from Trellix, USA. A cross-site scripting vulnerability exists in Trellix Endpoint Security HX version 10.0.4, which stems from susceptibility to a stored cross-site scripting attack that could lead to sensitive data...
CVE-2024-38311 Apache Traffic Server: Request smuggling via pipelining after a chunked message body
Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue...
CVE-2024-56196
CVE-2024-56196 affects Apache Traffic Server versions 10.0.0–10.0.3 with an improper Access Control issue. The vulnerability is documented across multiple sources in the Connected documents, which consistently state the affected product and versions and recommend upgrading to 10.0.4 to fix the is...
CVE-2024-56196 Apache Traffic Server: ACL is not fully compatible with older versions
Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue...
PT-2024-35459 · Unknown · @Intlify/Shared
Name of the Vulnerable Software and Affected Versions: @intlify/shared versions 10.0.4. Description: The issue is related to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the glob...
Apache Tomcat 10.0.0.M1 < 10.0.4
The version of Tomcat installed on the remote host is prior to 10.0.4. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.4_security-10 advisory. - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming T...
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 43, 9.x < 9.0.0 Patch 36, 10.0.x < 10.0.4 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - XSS on one of the web endpoints via a non-sanitised input parameter. (CVE-2023-43103) - An attacker can gain access to the logged-in user's mailbox through XSS. CVE-2023-431...
CVE-2023-33834
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256014...