22 matches found
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition in the process responsible for handling persistent notifications due to a failure to archive the channel before removing existing notifications. An attacker can cause the server to crash by timing the creation of a...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Host header when constructing response URLs for custom slash commands. An attacker can redirect responses to a server under their control by sending a specially crafted request with a spoofed Hos...
Participants were able to blindly delete poll drafts of other users by ID
None...
Advantech WebAccess/VPN Command Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a command injection...
CVE-2025-34240
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34239
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...
CVE-2025-34240 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
EUVD-2020-22058
Malware in sbrugna...
EUVD-2024-19956
Malicious code in bioql PyPI...
EUVD-2023-49457
Malicious code in bioql PyPI...
CVE-2023-28645
Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
CVE-2023-22473
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...
EPA Client Removed When Workspace App is Upgraded from 2402 to 2402 CU1
Endpoints have Workspace app 2402 installed along with EPA Client. Endpoints have been upgraded to Workspace app 2402 CU1. After upgrade, the EPA client has been removed...
CVE-2024-22402 Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It i...
CVE-2023-26245
An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version e.g.,...
PT-2023-20561 · Hyundai · Hyundai Gen5WL
Name of the Vulnerable Software and Affected Versions: Hyundai Gen5WL in-vehicle infotainment system version AEEPEEUR.S5WL001.001.211214. Description: An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system where the AppUpgrade binary file can be modified by an attacker ...
ICA launch delay issue after upgrading to Workspace app 2203 CU2
After upgrading to Workspace app 2203 CU2, customer may experience ICA launch delay issues...
CVE-2022-20392
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
Silent Command Line Upgrades of Workspace App without SelfService Fail Abruptly
Scenario: a command line installation of Workspace App where the /Silent parameter is used will simply stop within 30 seconds. This might occur during installations from the command line or through some management platform, for example: SCCM, or BigFix or even Windows Active-Directory Group Policy...