CVE-2025-62782 InventoryGUI vulnerable to item duplication via Bundle items when using GuiStorageElement

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved ...

CVE-2025-62782

Summary: InventoryGui (a Bukkit/Spigot plug‑in library) contains a vulnerability in versions 1.6.3-SNAPSHOT and earlier where GUIs using GuiStorageElement can cause item duplication when the experimental Bundle item feature is enabled. The issue is resolved in version 1.6.4-SNAPSHOT. What is affe...

CVE-2025-62782 InventoryGUI vulnerable to item duplication via Bundle items when using GuiStorageElement

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved ...

EUVD-2025-36358

InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement...

GHSA-RGVH-4M82-FVJQ InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement

Impact Any plugin using the GuiStorageElement is impacted when used on a server which allows the currently experimental Bundle items. Patches Patched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 "backported" to 1.6.3-SNAPSHOT Update to...

InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement

Impact Any plugin using the GuiStorageElement is impacted when used on a server which allows the currently experimental Bundle items. Patches Patched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 "backported" to 1.6.3-SNAPSHOT Update to...

EUVD-2025-36359

InventoryGui affected by item duplication in GUIs which use GuiStorageElement...

PT-2025-44048

Name of the Vulnerable Software and Affected Versions InventoryGui versions 1.6.1-SNAPSHOT and earlier Description A flaw exists in InventoryGui that could allow item duplication when the experimental Bundle item feature is enabled on the server. This issue affects any plugin utilizing the...

PT-2025-44049

Name of the Vulnerable Software and Affected Versions InventoryGui versions prior to 1.6.5 Description InventoryGui is a library used for creating chest GUIs for Bukkit/Spigot plugins. A flaw exists in versions before 1.6.5 where item duplication can occur. This happens when a plugin utilizes a G...

PT-2025-44044

Name of the Vulnerable Software and Affected Versions InventoryGui versions 1.6.3-SNAPSHOT and earlier Description InventoryGui, a library for creating chest GUIs for Bukkit/Spigot plugins, contains an issue where GUIs utilizing GuiStorageElement may allow item duplication when the experimental...

Oracle Linux 7 : microcode_ctl (ELSA-2025-10108)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-10108 advisory. 2:2.1-73.24.0.20250512 - update microcode bundle to 20250512 Orabug: 38139038 2:2.1-73.23.0.20250211 - update microcode bundle to 20250211 Orabug: 37670820 -...

microcode_ctl security update

2:2.1-73.24.0.20250512 - update microcode bundle to 20250512 Orabug: 38139038 2:2.1-73.23.0.20250211 - update microcode bundle to 20250211 Orabug: 37670820 - drop releasenote.md file 2:2.1-73.20.0.1 - don't bother calling dracut if virtualized Orabug: 35702409 - also rebuild initramfs for...

CVE-2025-11842

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

How to Collect Logs from Veeam Appliance Installer

Purpose This article documents how to collect logs from the installer for the Software Appliances included with Veeam Backup & Replication 13 Veeam Software Appliance, Veeam Infrastructure Appliance, and Veeam Hardened Repository Appliance. This procedure may be required if an installation-relate...

GHSA-9RVM-P3QM-F4VV Smidge is vulnerable to Path Traversal

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

Smidge is vulnerable to Path Traversal

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

CVE-2025-11842

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

CVE-2025-11842

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Bundle Handler component when processing the Version argument. An attacker can access or modify files outside the intended directory by supplying crafted input remotely. Details A Directory Traversal attack...

CVE-2025-11842 Shazwazza Smidge Bundle path traversal

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is...