17 matches found
CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...
UBUNTU-CVE-2026-37712
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, calluserfuncarray in function job type...
CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...
CVE-2026-45361
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
EUVD-2026-31659
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
EUVD-2026-12140
Angular vulnerable to XSS in i18n attribute bindings...
Gunicorn < 22.0.0 HTTP Request Smuggling Vulnerability
Gunicorn is prone to an HTTP request smuggling vulnerability.
CVE-2024-23768
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...
PT-2023-9088 · Gunicorn +3 · Unicorn +3
Name of the Vulnerable Software and Affected Versions: Gunicorn versions prior to 22.0.0 Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers ca...
CVE-2023-39958 Missing brute force protection on password reset token OAuth2 API controller
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients...
PT-2022-22330 · Xebialabs +1 · Xebialabs Xl Release Plugin +1
Name of the Vulnerable Software and Affected Versions: XebiaLabs XL Release Plugin versions 22.0.0 and earlier Description: A missing permission check in the XebiaLabs XL Release Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Th...
CVE-2022-29846
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number...
Progress Software WhatsUp Gold Information Disclosure Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 16.1 through...
PT-2022-19872 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions 16.1 through 21.1.1 Ipswitch WhatsUp Gold version 22.0.0 Description: The issue allows an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. Recommendations: For Ipswitch WhatsUp Gol...
PT-2022-19871 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions 21.1.0 through 21.1.1 Ipswitch WhatsUp Gold version 22.0.0 Description: The issue allows an authenticated user to invoke an API transaction to read the contents of a local file. Recommendations: For Ipswitch...
PT-2022-19873 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions 21.0.0 through 21.1.1 Ipswitch WhatsUp Gold version 22.0.0 Description: The issue allows an unauthenticated attacker to invoke an API transaction, enabling them to relay encrypted user credentials to an arbitrar...
Progress Software WhatsUp Gold Security Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...