Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017591)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017591 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Security Bulletin: IBM Content Navigator is affected by CVE-2025-46392
Summary IBM Content Navigator is affected by CVE-2025-46392, an Uncontrolled Resource Consumption vulnerability CWE-400 in Apache Commons Configuration 1.x commons-configuration-1.7.jar. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in...
CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated File Disclosure Vulnerability
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...
Atlassian Confluence 2.x < 8.5.25 Denial of Service
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 2.x prior to 8.5.25, 9.2.x prior to 9.2.7 or 10.x prior to 10.0.2. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issu...
EUVD-2008-4785
Malware in sbrugna...
EUVD-2018-0771
Malware in sbrugna...
EUVD-2013-6533
Malware in sbrugna...
EUVD-2022-2198
Malicious code in bioql PyPI...
EUVD-2022-3621
Malicious code in bioql PyPI...
CVE-2025-46392
CVE-2025-46392 describes an Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. The issue arises when loading untrusted configurations or using unusual usage patterns, leading to excessive resource use. The provided documents indicate that the Apache Commons Confi...
Magento Improper Access Control leads to Security feature bypass
Magento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access...
jooby-pac4j: deserialization of untrusted data
Impact: Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data. Patches: 2.17.0 (2.x), 3.7.0 (3.x). Workarounds: not using io.jooby:jooby-pac4j until it gets patches; check what values you put/save on session. References: Version 2.x:...
PT-2025-9198 · Formwork · Formwork
Name of the Vulnerable Software and Affected Versions: Formwork versions prior to 2.x Description: The issue arises from improper validation of select fields, allowing attackers to craft an input that crashes the system. This impacts the Availability aspect of the CIA triad, although the attack h...
PT-2025-8750 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.X Description: The issue is related to Incorrect Access Control, allowing unauthorized users to access and manipulate endpoints intended for administrative use. Specifically, the endpoint "teacher/edit/id" is...
fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams
[email protected] reports: FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...
PT-2024-16742
Name of the Vulnerable Software and Affected Versions Ansible-Core versions 2.x Description A flaw was found in Ansible-Core, allowing attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code executi...
PT-2024-33664 · Zitadel +1 · Zitadel +1
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.64.1 Zitadel versions prior to 2.63.6 Zitadel versions prior to 2.62.8 Zitadel versions prior to 2.61.4 Zitadel versions prior to 2.60.4 Zitadel versions prior to 2.59.5 Zitadel versions prior to 2.58.7 Description...
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit
The Rejetto HTTP File Server HFS version 2.x is vulnerable to an unauthenticated server side template injection SSTI vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work...
GHSA-HFPP-2VHW-QQ43 eZ Platform Admin UI Password reset vulnerability
This Security Update fixes a severe vulnerability in the eZ Platform Admin UI, and we recommend that you install it as soon as possible. It affects eZ Platform 2.x. The functionality for resetting a forgotten password is vulnerable to brute force attack. Depending on configuration and other...
PT-2024-40514 · Contao · Contao/Core
Name of the Vulnerable Software and Affected Versions: contao/core versions 2.x prior to 2.11.17 contao/core versions 3.x prior to 3.2.9 Description: The issue is related to arbitrary code execution on the server due to insufficient input validation. Attackers can exploit this by entering a...