CVE-2026-32146
Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...
SUSE-SU-2026:0425-1 Security update for python313-wheel
This update for python313-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100...
EUVD-2020-4270
Malware in sbrugna...
Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...
CVE-2020-10865
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process...
CVE-2013-0969
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard...
Session fixation
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...
CVE-2022-38789
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...
CVE-2020-11933
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security...
Code injection
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process...
Cross site request forgery (csrf)
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...
Rencontre <= 3.2.2 - Multiple CSRF
The plugin is affected by multiple CSRF issues, allowing arbitrary changes of the plugin's settings. November 3rd, 2019 - WordPress Plugin Team Notified November 5th, 2019 - WP Plugins Team acknowledgments of the issue. December 2nd, 2019 - v3.2.2 released, none of the CSRF have been fixed as th...
Zimbra 8.0.9 GA - Cross-Site Request Forgery
Exploit for linux platform in category web applications. Multiple CSRF in Zimbra Mail interface. CVE-2015-6541. Description: Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA...
CVE-2015-5188
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitra...
NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Talos Vulnerability Report TALOS-2015-0069 NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability October 21, 2015 CVE Number CVE-2015-7871 Summary Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker’s choosing...