9 matches found
MiracleLinux 8 : curl-7.61.1-22.el8.3 (AXSA:2022-3782:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3782:01 advisory. curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576); curl: credential leak on redirect (CVE-2022-27774); curl: auth/cookie leak on redirect...
curl security vulnerability
curl is an open source cURL tool for transferring data from or to a server. A security vulnerability exists in curl that stems from an OAuth2 bearer token being incorrectly passed during cross-protocol redirection...
EUVD-2025-203372
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
CVE-2025-65781
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
CVE-2025-65781
Wekan up to v18.15 contains an issue in the Attachment Upload API where the Authorization Bearer value is treated as a userId, causing a non-terminating body-handling path for any non-empty bearer token. This leads to an application-layer DoS and latent identity-spoofing. The vulnerability affect...
WeKan security vulnerability
WeKan is a Kanban application from the WeKan open source project. A security vulnerability exists in WeKan version 18.15 and earlier, which stems from the Attachment Upload API treating the Authorization bearer value as a userId, which could lead to application-level denial of service and identity spoofi...
CVE-2025-65781
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
PT-2025-51220
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
Trint Ltd: Leak of Internal IP addresses
Summary: The leak of Internal IP Addresses. IP Addresses:- 10.6.96.4 10.6.136.194 10.6.127.182 Assessment: add your assessment of the vulnerability Steps To Reproduce: 1. Open request page of graphql2.trint.com with "getUser" Operation name. 2. Remove "authorization: Bearer" line and error will...