
24 matches found

Tenable Nessus
added 2026/02/14 12:0 a.m. · 3 views

SUSE SLES12 Security Update : zabbix (SUSE-SU-2026:0483-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0483-1 advisory. - CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 - CVE-2024-42325: Restricted access to user fields using...

CVSS 3.5 · AI score 5.7 · EPSS 0.00121
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-2493

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.0078
Exploits 0 · References 12

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-4511

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5 · EPSS 0.00179
Exploits 0 · References 6

Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23639

Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A critical issue has been discovered, affecting an unknown part of the file /api/file/upload. The manipulation of the file/source argument leads to path traversal. This issue can be...

CVSS 9.8 · AI score 6.2 · EPSS 0.00837
Exploits 1 · References 9

Positive Technologies
added 2025/05/28 12:0 a.m. · 1 views

PT-2025-23105

Name of the Vulnerable Software and Affected Versions: Kea versions 2.4.0 through 2.4.1; Kea versions 2.6.0 through 2.6.2; Kea versions 2.7.0 through 2.7.8 Description: Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common...

CVSS 7.8 · AI score 6 · EPSS 0.00055
Exploits 0 · References 43

RedhatCVE
added 2025/05/23 9:49 a.m. · 2 views

CVE-2024-34701

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

CVSS 5.9 · AI score 5.6 · EPSS 0.00375
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:21 p.m. · 3 views

CVE-2021-41127

Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...

CVSS 7.3 · AI score 6.6 · EPSS 0.00396
Exploits 0

Positive Technologies
added 2025/05/19 12:0 a.m. · 1 views

PT-2025-21990 · Unknown · Easyvirt Dc Netscope

Name of the Vulnerable Software and Affected Versions: EasyVirt DC NetScope versions 8.7.0 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary code. This can be achieved via several parameters, including the lang parameter to...

CVSS 8.8 · AI score 7 · EPSS 0.02781
Exploits 1 · References 3

Positive Technologies
added 2025/04/18 12:0 a.m. · 1 views

PT-2025-17314 · Unknown · Namelessmc

Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.1.4 Description: The issue is related to SQL injection by providing an unexpected square bracket GET parameter syntax. This syntax refers to the structure ?param0=a&param1=b&param2=c utilized by PHP, which is...

CVSS 8.6 · AI score 7.3 · EPSS 0.00271
Exploits 1 · References 9

Positive Technologies
added 2025/04/14 12:0 a.m. · 1 views

PT-2025-16195 · H3C · H3C Magic Nx15 +3

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014 Description: A critical vulnerability has been found in H3C Magic NX series...

CVSS 8.6 · AI score 8.1 · EPSS 0.00513
Exploits 0 · References 19

Positive Technologies
added 2025/02/19 12:0 a.m. · 3 views

PT-2025-7484 · Openvsx · Openvsx

Name of the Vulnerable Software and Affected Versions: OpenVSX versions v0.9.0 through v0.20.0 Description: The issue allows a user to edit all namespace details, including name, description, website, support link, and social media links, even if the user is not a namespace Owner or Contributor...

CVSS 6.9 · AI score 6.1 · EPSS 0.00429
Exploits 1 · References 8

Positive Technologies
added 2025/01/09 12:0 a.m. · 1 views

PT-2025-3104 · Unknown · Vaultwarden

Name of the Vulnerable Software and Affected Versions: Vaultwarden version 1.32.5 Description: The issue is related to an authenticated reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is present in the /api/core/mod.rs component. Recommendations: For Vaultwarden version 1.32....

CVSS 5.4 · AI score 5.2 · EPSS 0.003
Exploits 1 · References 11

Positive Technologies
added 2024/12/17 12:0 a.m. · 2 views

PT-2024-28642 · Threatquotient · Threatq

Name of the Vulnerable Software and Affected Versions: ThreatQuotient ThreatQ versions prior to 5.29.3 Description: The issue allows authenticated users to execute arbitrary commands by sending a crafted request to an API endpoint. Recommendations: For versions prior to 5.29.3, update to version...

CVSS 8.8 · AI score 7.9 · EPSS 0.00325
Exploits 0 · References 12

Positive Technologies
added 2024/09/30 12:0 a.m. · 1 views

PT-2024-39480 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server versions 2024.1.0 through 2024.1.13038; Octopus Server versions 2024.2.0 through 2024.2.9482; Octopus Server versions 2024.3.0 through 2024.3.12766 Description: This issue is related to an SQL Injection vulnerability due to...

CVSS 9.8 · AI score 7.7 · EPSS 0.00522
Exploits 0 · References 17

Positive Technologies
added 2024/05/08 12:0 a.m. · 1 views

PT-2025-5683 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.2 through 16.9.7; GitLab EE versions 16.10 through 16.10.5; GitLab EE versions 16.11 through 16.11.2 Description: An issue has been discovered in GitLab EE, allowing the disclosure of updates to issues to a banned group...

CVSS 5.3 · AI score 6.6 · EPSS 0.00043
Exploits 0 · References 10

Cvelist
added 2024/03/29 3:0 p.m. · 16 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

CVSS 8.8 · AI score 8.9 · EPSS 0.00129
Exploits 0 · References 1

Positive Technologies
added 2023/10/24 12:0 a.m. · 0 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2 · AI score 7.2 · EPSS 0.00095
Exploits 0 · References 4

Vulnrichment
added 2023/04/26 8:46 p.m. · 11 views

CVE-2023-30845 ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

CVSS 8.2 · AI score 9.6 · EPSS 0.00178
Exploits 0 · References 4

Positive Technologies
added 2023/03/08 12:0 a.m. · 2 views

PT-2023-19776 · Funadmin · Funadmin

Name of the Vulnerable Software and Affected Versions: Funadmin version 3.2.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the id parameter at the "/databases/table/list" API endpoint. Recommendations: For Funadmin version 3.2.0, consider restricting...

CVSS 9.8 · AI score 9.4 · EPSS 0.00247
Exploits 1 · References 7

Positive Technologies
added 2022/12/19 12:0 a.m. · 1 views

PT-2022-28075 · Apiman · Apiman

Name of the Vulnerable Software and Affected Versions: Apiman versions 1.5.7 through 2.2.3.Final Description: The issue is caused by insufficient checks for read permissions within the Apiman Manager REST API, allowing a malicious user to access private APIs they do not have permission for. This ...

CVSS 7.1 · AI score 6 · EPSS 0.00062
Exploits 0 · References 12