3974 matches found
ROS-20251111-08
A vulnerability in the Python module that provides an interface to c-ares pycares is related to an error in the use of memory after release, caused by incorrect handling of callback references when destroying the Channel object. Exploitation of the vulnerability could allow an attacker acting...
Combodo iTop 安全漏洞
Combodo iTop is a suite of open source web applications developed by the French company Combodo based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A security vulnerability exists in Combodo...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
EUVD-2025-38267
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
PT-2025-45470
Name of the Vulnerable Software and Affected Versions Onlook web application version 0.2.32 Description An Open Redirect issue exists in the OAuth callback handler located in the file onlook/apps/web/client/src/app/auth/callback/route.ts. The application improperly validates the X-Forwarded-Host...
CVE-2025-63784
Onlook web application 0.2.32 contains an Open Redirect vulnerability in the OAuth callback handler (file onlook/apps/web/client/src/app/auth/callback/route.ts). The issue arises from trusting the X-Forwarded-Host header without proper validation when constructing the redirect URL, enabling an at...
CVE-2025-63784
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988717)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988717 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails Check for a valid hvvpindex...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990345)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990345 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use sndcardfreewhenclosed at disconnection The USB disconnect callback is supposed t...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990381)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990381 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without...
Use-After-Free
github.com/envoyproxy/envoy is vulnerable to a Use-After-Free. The vulnerability is due to improper handling of DNS cache operations in the Dynamic Forward Proxy implementation, where a completion callback can trigger new or remove existing DNS resolutions, which allows an attacker to cause...
CVE-2025-11890 Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...
CVE-2025-11890
CVE-2025-11890 : The Crypto Payment Gateway with Payeer for WooCommerce WordPress plugin is vulnerable to an unauthenticated payment bypass in all versions up to 1.0.3. The flaw stems from improper server-side verification of payment status via the /wc-api/bp-payeer-gateway-callback endpoint, all...
CVE-2025-11890 Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...
PT-2025-44941
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: efivarfs: The memory leak in efivarfsfsinfo during fscontext error paths has been fixed. When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in the initialization of the fscontext. However, sfi is associate...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevents VMA splitting of buffer mappings. The perfmmap code is careful to map the user page using mmap along with the ringbuffer and the auxiliary buffer, when the event supports this. Once the first mapping is...