PT-2026-42036
Summary: 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
EUVD-2019-17185
Malware in sbrugna...
EUVD-2019-0003
Malware in sbrugna...
GHSA-X4RX-4GW3-53P4 vulnerabilities
Vulnerabilities for packages: kargo, buildkitd, nerdctl, tw, zarf, openfga, telegraf, cadvisor, trivy, opentelemetry-collector-contrib, grype, aws-otel-collector, prometheus, splunk-otel-collector, osv-scanner, trufflehog, falcoctl, wolfictl, melange, spire-server, opentelemetry-collector, k9s,...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
RHEL 8 : Red Hat OpenShift Serverless Client kn 1.12.0 (Moderate) (RHSA-2021:0145)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0145 advisory. Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux...
USN-6773-1: .NET vulnerabilities
It was discovered that .NET did not properly handle memory in its Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. (CVE-2024-30045) It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use th...
BIT-RABBITMQ-2021-32718 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
Fedora: Security Advisory for kde-cli-tools (FEDORA-2023-e31c3e4b6c)
The remote host is missing an update for the...
USN-5798-1: .NET 6 vulnerability
Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint...
MAL-2022-1184 Malicious code in avax-js-cli-tools (npm)
Source: ghsa-malware 20bcbb8282cba23d9c896b37231cedc6bae3b5042eff2693e1ee677525401345. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wallet-cli-tools (npm)
Source: ghsa-malware d228e16eb4c5d94664318aad7e989056093999fdd5b457b61629abe937fdadfa. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client...
openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the...
SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory. - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client...
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
Design/Logic Flaw
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
CVE-2021-32719
CVE-2021-32719 affects RabbitMQ’s rabbitmq-server prior to version 3.8.18 where, when a federation link is shown in the management UI via the rabbitmq_federation_management plugin, the consumer tag is rendered without proper `<script>` tag sanitization. This could allow JavaScript execution in the...