15 matches found
CVE-2026-44618
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...
CVE-2026-31910 Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access
Server-Side Request Forgery SSRF vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
EUVD-2026-3289
MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing an authentication...
Improper Resource Shutdown or Release
Overview org.jenkins-ci.main:cli is a Command line interface for Jenkins. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP-based CLI connections. An attacker can cause the service to become unavailable by sending corrupted connection streams,...
OESA-2025-2561 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
OESA-2025-2559 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
CVE-2025-61672
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...
PT-2025-5257 · Vite · Vite
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.0.9 Vite versions prior to 5.4.12 Vite versions prior to 4.5.6 Description: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of...
PT-2025-54828
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.14 Apache Tomcat versions 10.1.0-M1 through 10.1.49 Apache Tomcat versions 9.0.0-M1 through 9.0.112 Apache Tomcat versions 8.5.0 through 8.5.100 Description Tomcat did not properly validate the hos...
PT-2024-37674 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.2 through 17.1.6 GitLab CE/EE versions 17.2 through 17.2.4 GitLab CE/EE versions 17.3 through 17.3.1 Description: An issue was discovered in GitLab CE/EE, which allows an attacker to create a branch with the same name ...
PT-2024-28519 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S7 Junos OS versions from 21.4 before 21.4R3-S6 Junos OS versions from 22.2 before 22.2R3-S3 Junos OS version 22.3 Junos OS versions from 22.4 before 22.4R3 Junos OS versions from 23.2 before 23.2R2 Junos OS...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview OpenTelemetry.Instrumentation.AspNetCore is an ASP.NET Core instrumentation for OpenTelemetry .NET Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the logging of sensitive query parameters by default. This...
PT-2023-10703 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x through 11.2.3, 11.3.x through 11.3.0 Description: An issue was discovered in GitLab Community and Enterprise Edition, where blog-viewer has stored XSS during...
PT-2021-14350 · Pypi +3 · Pysaml2 +3
Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0 Description: The issue is related to an improper verification of cryptographic signatures in PySAML2, a pure python implementation of SAML Version 2 Standard. Users of PySAML2 that use the default...
GHSA-73V8-V6G4-VRPM Arbitrary File Overwrite in decompress-zip
Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory. Recommendation For...