Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...
CVE-2026-21628
The CVE-2026-21628 entry concerns the Astroid Framework integration with Joomla. A vulnerable, improperly secured file management feature allows unauthenticated users to upload dangerous data types, enabling remote code execution. Affected: Astroid Framework for Joomla versions 2.0.0 through 3.3....
CVE-2026-25739
CVE-2026-25739 is reserved with no public details in the Initial document, but a connected advisory (GHSA-JXC4-54G3-J7VP) indicates a Cross‑Site Scripting (XSS) vulnerability in Indico related to uploading materials. The issue occurs when certain file types are uploaded as materials, enabling XSS...
CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...
CVE-2026-25738 Indico has Server-Side Request Forgery (SSRF) in multiple places
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provided URLs in various places. This is mostly intentional and part of...
Indico Code Issue Vulnerability
Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.10 had code-related vulnerabilities. These vulnerabilities stemmed from improper handling of URLs provided by users, which could lead to server-side request forgery attacks...
GHSA-JXC4-54G3-J7VP Indico Affected by Cross-Site-Scripting via material uploads
Impact There is a Cross-Site-Scripting vulnerability when uploading certain file types as materials. Patches You should update to Indico 3.3.10 as soon as possible. See the docs for instructions on how to update. Please be aware that to apply the fix itself updating is sufficient, but to benef...
GHSA-F47C-3C5W-V7P4 Indico has Server-Side Request Forgery (SSRF) in multiple places
Impact Indico makes outgoing requests to user-provided URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should update to Indic...
PT-2026-20327
Name of the Vulnerable Software and Affected Versions Indico versions prior to 3.3.10 Description Indico, an event management system, is susceptible to server-side request forgery SSRF. The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could...
[SECURITY] Fedora 41 Update: ruby-3.3.10-21.fc41
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
CVE-2025-60119
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through <= 3.3.11...
CVE-2025-60119
CVE-2025-60119 : In CoSchedule for WordPress, an Unauthenticated Sensitive Information Exposure vulnerability affects CoSchedule up to version 3.3.11 (per Wordfence). The issue leaks sensitive data to unauthorized actors due to insufficient access control. Wordfence indicates a patch is available...
CVE-2025-60119 WordPress CoSchedule Plugin <= 3.3.11 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through <= 3.3.11...
PT-2025-39566
Name of the Vulnerable Software and Affected Versions CoSchedule versions through 3.3.10 Description A flaw exists in CoSchedule that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere. Recommendations Update CoSchedule...
openSUSE Tumbleweed Security Vulnerability
openSUSE Tumbleweed is a desktop and server operating system from openSUSE Germany. A security vulnerability exists in openSUSE Tumbleweed versions prior to 3.3.10-2.1, which stems from a logrotate configuration dependency on untrustworthy input that could lead to elevation of privilege...
OPENSUSE-SU-2025:15344-1 mailman3-3.3.10-2.1 on GA media
These are all security issues fixed in the mailman3-3.3.10-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-2756
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
ai.langsa:ccaas-starter (>=0.5 <=cloud-0.3), au.csiro.pathling:fhir-server (>=6.4.0 <=7.1.0) +4643 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=3.3.10)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =0.5, =6.4.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =2.10.0, =1.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3...