12 matches found

OSV
added 2025/10/23 4:9 p.m., 3 views

CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

CVSS 8.1, AI score 7, EPSS 0.00067
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-1094

Malware in sbrugna...

CVSS 9.8, AI score 6.9, EPSS 0.00602
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0071

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00284
Exploits 0, References 8

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-25583

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8, EPSS 0.00133
Exploits 0, References 1

CVE
added 2025/06/03 6:0 p.m., 50 views

CVE-2025-5520

Open5GS (up to 2.7.3) is affected by CVE-2025-5520 in the AMF/MME component, specifically the gmm_state_authentication/emm_state_authentication function. The issue can lead to a reachable assertion and is exploitable remotely. A patch is available (patch name: 9f5d133657850e6167231527514ee1364d37...

CVSS 6.9, AI score 5.3, EPSS 0.00482
Exploits 1, References 7, Affected Software 1

Vulnrichment
added 2025/05/30 6:30 a.m., 8 views

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.1, AI score 8.4, EPSS 0.00186
Exploits 0, References 2

RedhatCVE
added 2025/05/23 12:37 a.m., 6 views

CVE-2022-41960

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...

CVSS 4.3, AI score 6.7, EPSS 0.0017
Exploits 0, References 1

OSV
added 2025/04/29 10:17 p.m., 2 views

CVE-2025-29906 Finit bundled getty can bypass /bin/login

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...

CVSS 8.6, AI score 6.5, EPSS 0.00061
Exploits 0, References 4

Cvelist
added 2025/04/23 3:38 p.m., 13 views

CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

CVSS 7.5, EPSS 0.00498
Exploits 0, References 2

OSV
added 2025/04/18 7:59 p.m., 1 views

CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs

Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors do not properly implement authentication even when a token is configured in the...

CVSS 6.5, AI score 7
Exploits 0, References 1

RedHat Linux
added 2007/06/04 8:3 a.m., 34 views

Moderate: Red Hat Security Advisory: mutt security update

An updated mutt package that fixes several security bugs is now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mutt is a text-mode mail user agent. A flaw was found in the way Mutt used...

CVSS 3.5, AI score 6.5, EPSS 0.1342
Exploits 1, References 4

RedHat Linux
added 2003/02/21 8:40 a.m., 5 views

Moderate: Red Hat Security Advisory: Updated VNC packages fix replay and cookie vulnerabilities

Updated VNC packages are available, fixing a challenge replay and a weak cookie vulnerability. Updated 10 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. VNC is a tool for providing a remote graphical user interface. Two vulnerabilities have been found in versions o...

CVSS 7.5, AI score 5.8, EPSS 0.01351
Exploits 0, References 2