RHEL 8 : php:8.2 (RHSA-2025:15687)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15687 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...
PT-2025-49182
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.66. Description: An issue exists in Apache HTTP Server on Windows when AllowEncodedSlashes is enabled and MergeSlashes is disabled. This can allow for Server-Side Request Forgery (SSRF), potentially leading...
Exploit for CVE-2017-0143
Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent. re...
Malicious code in xenon-auth-jabbah-materialize (npm)
The package xenon-auth-jabbah-materialize was found to contain malicious code...
Malicious code in auth-dotenv-halley-prettier-stylelint (npm)
The package auth-dotenv-halley-prettier-stylelint was found to contain malicious code...
Malicious code in auth-pulsar-local-transform (npm)
The package auth-pulsar-local-transform was found to contain malicious code...
Malicious code in elara-postgres-auth-rigel (npm)
The package elara-postgres-auth-rigel was found to contain malicious code...
Malicious code in auth-polaris-rate-limiter-optimize-css-assets-webpack-plugin (npm)
The package auth-polaris-rate-limiter-optimize-css-assets-webpack-plugin was found to contain malicious code...
MAL-2025-43544 Malicious code in auth-pulsar-local-transform (npm)
The package auth-pulsar-local-transform was found to contain malicious code...
MAL-2025-46675 Malicious code in xenon-auth-jabbah-materialize (npm)
The package xenon-auth-jabbah-materialize was found to contain malicious code...
MAL-2025-43543 Malicious code in auth-polaris-rate-limiter-optimize-css-assets-webpack-plugin (npm)
The package auth-polaris-rate-limiter-optimize-css-assets-webpack-plugin was found to contain malicious code...
MAL-2025-44116 Malicious code in elara-postgres-auth-rigel (npm)
The package elara-postgres-auth-rigel was found to contain malicious code...
MAL-2025-43542 Malicious code in auth-dotenv-halley-prettier-stylelint (npm)
The package auth-dotenv-halley-prettier-stylelint was found to contain malicious code...
Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3: CVE-2024-6174: Unprivileged user could trigger hotplug-hook commands (bsc#1245403). Non-security fixes: Rebase cloud-init to 24.4 or higher (bsc#1239715, jsc#PED-8680). Fixed cloud-init --debug status (bsc#1228414). Using...
OESA-2025-2136 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...
ROS-20250905-07
A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application. Enterprise and Vault Community Edition is related to the fact that the...
CVE-2025-58163
CVE-2025-58163 describes a deserialization of untrusted data vulnerability in FreeScout (PHP Laravel). Versions 1.8.185 and earlier are affected, enabling authenticated attackers (with knowledge of the APP_KEY) to achieve remote code execution. The flaw is present in an endpoint such as /help/{ma...
Linux Distros Unpatched Vulnerability : CVE-2020-7221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely,...
GHSA-MXH2-CCGJ-8635 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
Summary: On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value (e.g., correct username with partial password). This allows access to webserver functionality...
CVE-2024-48705
Wavlink AC1200 devices with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper sanitization ...