27 matches found
Security Bulletin: IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842)
Summary An SSL private key exposure in IBM SPSS Modeler could allow a local user to decrypt and obtain sensitive information Vulnerability Details CVEID:CVE-2023-33842 DESCRIPTION: IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key which could allow a local use...
SUSE CVE-2026-2007
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
CVE-2026-2007
Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...
EUVD-2025-24603
Malicious code in bioql PyPI...
EUVD-2023-2627
Malicious code in bioql PyPI...
EUVD-2024-21640
Malicious code in bioql PyPI...
CVE-2025-55202 Opencast has a partial path traversal vulnerability in UI config
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...
CVE-2025-8770 Authorization Bypass Through User-Controlled Key in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...
CVE-2025-2938 Business Logic Errors in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...
GitLab 16.10 < 17.11.5 / 18.0 < 18.0.3 / 18.1 < 18.1.1 (CVE-2025-5846)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated...
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
GitLab 17.11 < 17.11.4 / 18.0 < 18.0.2 (CVE-2025-5121)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue that, under certain conditions, could have allowed a successful attacker with authenticated access to a GitLab instance with a GitLab Ultimate license applied paid...
CVE-2025-4278
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
Microsoft Azure Backlink Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A backlink vulnerability exists in Microsoft Azure File Sync. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure Fi...
Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)
Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Cross site scripting
Adobe InCopy versions 18.0 and earlier, 17.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Design/Logic Flaw
Adobe InDesign version 18.0 and earlier, 17.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction i...
Input validation
Adobe InDesign version 18.0 and earlier, 17.4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...