49 matches found
EUVD-2026-30364
Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...
CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...
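Attribute injection from a query parameter, as this entry describes, comes from interpolating the raw value into a tag without quoting and encoding it. The added example below puts the weak pattern beside the hardened one; it is written for this page and is not Nuxt OG Image's template code, and the parameter name `title` and the element are assumptions.

```javascript
// Added illustration, not Nuxt OG Image's code: raw versus encoded interpolation
// of a query parameter into an HTML attribute. Parameter and markup are assumed.

// Encode for a double-quoted attribute value (and, as a superset, for text nodes).
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Weak pattern: unquoted, unencoded. Whitespace in the value ends the attribute,
// so the remainder of the value becomes a new attribute chosen by the requester.
function renderUnsafe(queryString) {
  const title = new URLSearchParams(queryString).get('title') ?? '';
  return `<div class="og-title" title=${title}>${title}</div>`;
}

// Hardened pattern: always quote, always encode. The same payload is now an
// inert attribute value and an inert text node.
function renderSafe(queryString) {
  const title = new URLSearchParams(queryString).get('title') ?? '';
  return `<div class="og-title" title="${escapeAttr(title)}">${escapeAttr(title)}</div>`;
}

// Constructed sample query strings (percent-encoded as a browser would send them).
const SPACE_PAYLOAD = 'title=x%20onmouseover%3Dalert(1)';
const QUOTE_PAYLOAD = 'title=x%22%20onmouseover%3D%22alert(1)';
```

Quoting alone is not enough: the second sample closes a double-quoted value with `"` and would inject an attribute into a quoted-but-unencoded template. Encoding the quote is what keeps it inside the value.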
CVE-2026-25633
Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing authorization that allows access to assets. An attacker can access and download sensitive files and view their metadata by sending requests as an authenticated user without the necessary permission...
PT-2026-7664
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.73.6; Statamic versions prior to 6.2.5. Description: Statamic is a Laravel and Git powered CMS designed for building websites. Users without the necessary permissions to view assets are able to download them and view...
EUVD-2019-19205
Malware in sbrugna...
EUVD-2017-6090
Malware in sbrugna...
EUVD-2024-54789
Malicious code in bioql PyPI...
Third-Party Dependency in Crowd Data Center
Note: Aligning with our security bug fix policy (https://www.atlassian.com/trust/security/bug-fix-policy), this vulnerability has been fixed in our latest release only. This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...
GHSA-F7H5-C625-3795 Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints
In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints...
Eclipse GlassFish code issue vulnerability
Eclipse GlassFish is an open source application server from the Eclipse Foundation. A code issue vulnerability exists in Eclipse GlassFish versions 6.2.5 and later, which stems from the risk of a server-side request forgery attack on specific endpoints...
CVE-2023-38513
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine Media Organizer & Lightroom.This issue affects Photo Engine Media Organizer & Lightroom: from n/a through 6.2.5...
Zoom Workplace Desktop App < 6.2.5 Out-of-bounds Write (ZSB-25003)
The version of Zoom Workplace Desktop App installed on the remote host is prior to 6.2.5. It is, therefore, affected by a vulnerability as referenced in the ZSB-25003 advisory. - Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via networ...
CVE-2024-23666
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...
PT-2024-7800 · Palo Alto Networks · Palo Alto Networks GlobalProtect
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App versions prior to 6.2.5 Description: A privilege escalation issue in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their...
Malicious code in @ebay/ui-core-react (npm)
Source: ghsa-malware 11187eb0b4555fd35f9cdebe15c9eedc700e017d094738488a06893e8c47ef85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM DevOps Release 7.0.0 addresses multiple vulnerabilities.
Summary: IBM DevOps Release 7.0.0 addresses multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a stream for an uploaded file but...
PT-2023-29715 · Rumbletalk · Rumbletalk Live Group Chat
Name of the Vulnerable Software and Affected Versions: RumbleTalk Live Group Chat versions n/a through 6.2.5 Description: The issue is related to a missing authorization vulnerability in RumbleTalk Live Group Chat, which allows the exploitation of incorrectly configured access control security...