26 matches found
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005322)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005322 advisory. Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::Request#POST reads the entire request body into memory for Content-Typ...
Rack Security Vulnerability
Rack is a modular Ruby web server interface open-sourced by Rack. A security vulnerability exists in Rack versions prior to 2.2.20, 3.1.18, and 3.2.3, which stems from the possibility that Rack::Sendfile may bypass proxy access restrictions when handling specially crafted headers, leading to...
EUVD-2023-2436
Malicious code in bioql PyPI...
EUVD-2023-56793
Malicious code in bioql PyPI...
EUVD-2025-25484
Malicious code in bioql PyPI...
EUVD-2023-2430
Malicious code in bioql PyPI...
EUVD-2023-2565
Malicious code in bioql PyPI...
CVE-2025-55521
An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request...
CVE-2025-55522
Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...
Akaunting Security Vulnerability
Akaunting is an application from Akaunting providing all the tools needed to manage funds online. A security vulnerability exists in Akaunting version v3.1.18, which stems from an issue in the /settings/localization component and could lead to a denial of service attack...
CVE-2025-55521
This CVE affects Akaunting v3.1.18, with the vulnerability located in the /settings/localisation component. A crafted POST request can trigger a Denial of Service when authenticated. The public documents do not specify a fixed version; PT-2025-34253 notes no available fix at that time. Monitor fo...
CVE-2023-52119
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18...
CVE-2023-5316
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5317
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
SUSE CVE-2025-21609
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
CVE-2025-21609
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
CVE-2025-21609
CVE-2025-21609 affects SiYuan Note 3.1.18. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint, where an attacker can craft a payload to cause arbitrary file deletion on the server. The issue is addressed by commit d9887aeec1b27073bec66299a9a4181dc42969f3, with a fix e...