Authentication Bypass
friendsofsymfony/user-bundle is vulnerable to Authentication Bypass. The vulnerability stems from an insecure user refresh implementation that looks the user up by primary key instead of by username, which can result in authentication bypass if users are allowed to change usernames...
Cross Site Scripting (XSS)
friendsofsymfony/rest-bundle is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to incorrect JSONP validation: the callback query parameter's name is sanitized rather than its value, which allows potentially malicious callback values to be processed, leading to Cross Site Scripting...
PT-2024-40444 · Nzo · Nzo/Url-Encryptor-Bundle
Name of the Vulnerable Software and Affected Versions:
nzo/url-encryptor-bundle versions prior to 5.0.1
nzo/url-encryptor-bundle versions prior to 4.3.2
Description: The issue is related to the lack of mandatory key and IV requirements in the affected versions. By default, the bundle uses the...
gnutls: potential crash during chain building/verification
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...
GHSA-MVF6-3F2G-XFXF endroid/qr-code-bundle File Disclosure via logo_path query parameter
Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logo_path query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...
easyadmin-extension-bundle action case insensitivity
In alterphp/easyadmin-extension-bundle, role-based access rules do not handle action name case sensitivity, which may lead to unauthorized access...
PT-2024-40038 · Unknown · Alterphp/Easyadmin-Extension-Bundle
Name of the Vulnerable Software and Affected Versions:
alterphp/easyadmin-extension-bundle, affected versions not specified
Description: The issue concerns role-based access rules not handling action name case sensitivity, potentially leading to unauthorized access.
Recommendations: At the moment,...
PT-2024-40382 · Unknown · Endroid/Qr-Code-Bundle
Name of the Vulnerable Software and Affected Versions:
endroid/qr-code-bundle versions prior to 3.4.2
Description: The issue arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure through the logo path query parameter.
Recommendations: For...
PT-2024-40352 · Ez Systems · Ez Publish Legacy +1
Name of the Vulnerable Software and Affected Versions:
VideoJS versions prior to the version that fixes the XSS vulnerability
eZ Publish Platform 5.4
eZ Publish Legacy 5.4
Description: The issue is related to an XSS vulnerability in the Flash-based video player of VideoJS, which is bundled in...
CVE-2024-26947
creationtimestamp | type | source
--- | --- | ---
2024-05-14 03:25:11+00:00 | published-proof-of-concept | Telegram/m1hEa5ioqUzZVgQ8ttIx1-5NejbquJGEHlzE2qkH6nE0D254
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...
SUSE SLES15 Security Update : SUSE Manager Salt Bundle (SUSE-SU-2024:1518-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1518-1 advisory. - The vulnerability is due to an input validation error when processing directory traversal sequences during the creation of the Syndic cache...
SUSE-SU-2024:1532-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues:
release-notes-susemanager:
- Update to SUSE Manager 4.3.12
  Monitoring: Node exporter upgraded to 1.7.0
  Automatic migration from Salt 3000 to the Salt Bundle
  New update-salt recurring state
  uyuni-proxy-systemd-services package has been added to proxy channel...
SUSE-SU-2024:1525-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues:
venv-salt-minion:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method (bsc1219431)
- Convert oscap output to UTF-8
-...
SUSE-SU-2024:1517-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues:
venv-salt-minion:
- Security issues fixed:
  CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc1219430)
  CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method (bsc1219431)
- Bugs fixed...
Malicious code in actions-next-bundle-analyzer (npm)
Source: ghsa-malware 7a738c63046c2bd1588c1bcc21eafd03d28a480f73643ea8b429ff5fa00da78b
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora 40 : gnutls (2024-f69ecb0511)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f69ecb0511 advisory.
- Rebase gnutls to version 3.8.5
- Rebase gnutls to version 3.8.4 - contains fixes for CVE-2024-28834 and CVE-2024-28835
- Automatic update for...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-591)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-591 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios...