13 matches found
EUVD-2021-25682
Malware in sbrugna...
EUVD-2025-30233
Malicious code in bioql PyPI...
CVE-2025-10146
CVE-2025-10146 affects the WordPress Download Manager plugin, with vulnerable versions up to 3.3.23, due to insufficient input sanitization and output escaping in the user_ids parameter. This enables Reflected Cross-Site Scripting by unauthenticated attackers who lure a user to perform an action...
SUSE CVE-2020-15115
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
CVE-2021-39321 Sassy Social Share 3.3.23 PHP Object Injection
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the /admin/class-sassy-social-share-admin.php file. Th...
Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection
Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to a missing capability check in the import_config function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...
etcd input validation error vulnerability (CNVD-2020-47967)
etcd is a key-value storage system for distributed systems written in the Go language. An input validation error vulnerability exists in etcd versions prior to 3.3.23 and prior to 3.4.10. The vulnerability stems from a network system or product that does not properly validate input data. No...
DEBIAN-CVE-2020-15114
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...
CVE-2020-15106
In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...
PT-2020-14194 · Etcd +4 · Etcd +4
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22; etcd versions 3.4.0 through 3.4.9. Description: The issue is related to data validation in the ReadAll method in wal/wal.go, where it is possible to have an entry index greater than the number of entries. Thi...
PT-2020-14195 · Coreos +3 · Etcd +3
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.23 and earlier; etcd versions 3.4.10 and earlier. Description: The issue concerns the creation of certain directory paths with restricted access permissions by using the os.MkdirAll function, which does not perform permission...
PT-2020-14216 · Coreos +1 · Etcd +1
Name of the Vulnerable Software and Affected Versions: etcd versions prior to 3.4.10; etcd versions prior to 3.3.23. Description: The issue concerns the gateway TLS authentication in etcd, which is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication wi...
GnuTLS Security Bypass Vulnerability
GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols, developed by software developers Nikos Mavrogiannopoulos of Belgium and Simon Josefsson of Sweden. A security bypass vulnerability exists in GnuTLS version 3.3.23 and versions 3.4.12 and earlier. An...