18 matches found
RLSA-2026:19368 Important: rsync security update
The rsync utility enables users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
PraisonAI Security Vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.97 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for WebSocket connections and information endpoints on the PraisonAI...
CVE-2025-62611
Summary: CVE-2025-62611 affects the aiomysql Python library used to access MySQL from asyncio. Prior to version 0.3.0, client-side settings are not validated before sending local files to the server, enabling a rogue MySQL server to request arbitrary client files via a LOAD_LOCAL packet. This vul...
aiomysql Security Vulnerability
aiomysql is an open-source MySQL access library from aio-libs. A security vulnerability exists in aiomysql versions prior to 0.3.0, which stems from an unchecked client-side setting that could lead to a malicious server obtaining arbitrary client-side files...
EUVD-2021-0161
Malware in sbrugna...
ALPINE-CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
PT-2024-10124
Name of the Vulnerable Software and Affected Versions: rsync (affected versions not specified). Description: The issue is related to rsync, a software used for synchronizing files across different systems. It allows a server to enumerate the contents of an arbitrary file from the client's machine by...
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client...
CVE-2022-4148 WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The WP OAuth Server OAuth Authentication WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client. PoC: Run the below command in the developer console of the web browser while being on the blog as any authenticated user, such as...
WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion
The plugin has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client. Run the below command in the developer console of the web browser while being on the blog as any authenticated user, such as...
CVE-2021-31604
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...
CVE-2021-31604
furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...
CVE-2019-1851 Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect...
WordPress: antispambot does not always escape <, >, &, " and '
The antispambot function escapes some randomly selected characters from its first argument, for example: <, >, &, ", or '. These last five characters should always be escaped. There is a chance that this will print out unescaped: console.log"hello";'; Even though the chance of this happening is low,...
Websense Data Security Cross Site Scripting
Cross-Site Scripting vulnerability in Websense Data Security block page. Han Sahin, September 2014...
Jira Cross Site Scripting and Information Disclosure Vulnerabilities
Atlassian JIRA is prone to multiple cross-site scripting vulnerabilities and an information disclosure vulnerability...
CVE-2010-0524
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message...