BIT-ENVOY-2025-64527 Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allowmissingorfailed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988758 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memoryfailure Our syzkaller trigger the...

EUVD-2017-17872

Malware in sbrugna...

EUVD-2023-44052

Malicious code in bioql PyPI...

EUVD-2025-17569

Malicious code in bioql PyPI...

Wireshark Security Update (wnpa-sec-2025-02) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

Denial Of Service (DoS)

github.com/containerd/containerd is vulnerable to a Denial Of Service DoS. The vulnerability is due to a bug in containerd’s CRI implementation where usernamespaced containers are not placed under Kubernetes' cgroup hierarchy, allowing an attacker to bypass resource limits and potentially exhaust...

CVE-2022-31166

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...

CLSA-2024-1708639566 sudo: Fix of CVE-2023-42465

Remove sudo-1.9.15-CVE-2023-42465.patch due to bug...

Moodle Teacher Enrollment Privilege Escalation to RCE

Moodle version 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions allow for a teacher to exploit chain to RCE. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add...

Cisco DLSw Information Disclosure Scanner

This module implements the DLSw information disclosure retrieval. There is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active. This...

C-News <= 1.0.1 (path) Remote File Inclusion Vulnerability

No description provided by source. ============================================================================================== C-News = v1.0.1 path Remote File Inclusion Exploit =============================================================================================== Critical Level :...

CentOS Update for php53 CESA-2011:1423 centos5 i386

Check for the Version of php53 OpenVAS Vulnerability Test CentOS Update for php53 CESA-2011:1423 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

The Rat CMS Alpha 2 - &#039;download.php&#039; Priviledge Escalation

---------------------------- The Rat Cms Alpha 2 Priviledge Escalation ---------------------------- Autore: x0r Email: [email protected] Download: http://downloads.sourceforge.net/the-rat-cms/trcmsprealpha2.zip?modtime=1174590953&bigmirror=0 ---------------------------- Bug In: /admin/.php So...

plugspace-lfi.txt

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl PlugSpace v0.1 Local File Inclusion Vulnerability Download: http://sourceforge.net/projects/plugspace/ Vuln:...

joomla1014-rfi.txt

============================================================================================== Joomla = v1.0.14-RC1Index.php Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Version : v2.3.1 &...

EggBlog 3.1.0 - Cookies SQL Injection

!/usr/bin/perl use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindowtitle = "UnderWHAT?!" ; $mw-geometry '420x343' ; $mw-resizable0,0; $mw-Label-text = '', -font = 'Verdana 8',-foreground='red'-pack; $mw-Label-text = 'eggblog 'Tahoma 7...

AllMyGuests 3.0 Remote File Inclusion Vulnerability

AllMyGuests 3.0 Remote File Inclusion Vulnerability Software: AllMyGuests Version: 3.0 Download: http://download.php-resource.net/AllMyGuests/AllMyGuests0.3.0.zip Found By: beks Bug In: /include/submit.inc.php /admin/index.php /include/cmsubmit.inc.php /comments.php /index.php /signin.php Risk:...

AllMyGuests 0.3.0 - &#039;AMG_serverpath&#039; Remote File Inclusion

AllMyGuests 3.0 Remote File Inclusion Vulnerability Software: AllMyGuests Version: 3.0 Download: http://download.php-resource.net/AllMyGuests/AllMyGuests0.3.0.zip Found By: beks Bug In: /include/submit.inc.php /admin/index.php /include/cmsubmit.inc.php /comments.php /index.php /signin.php Risk:...

MyAlbum 3.02 - &#039;language.inc.php&#039; Remote File Inclusion

============================================================================================== MyAlbum WWW.STARHACK.ORG ======= ==========================...