CVE-2026-10273

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

CVE-2026-10273 php-censor Webhook Endpoint GitBuild.php os command injection

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

GHSA-QJWP-HRQ6-R26R kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

PT-2026-45483

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

EUVD-2025-16506

Malicious code in bioql PyPI...

CVE-2025-47929 DumbDrop vulnerable to DOM XSS via file upload

DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload...

PT-2024-31600 · Quicly · Quicly

Name of the Vulnerable Software and Affected Versions: Quicly versions up to commtit d720707 Description: Quicly is an IETF QUIC protocol implementation. It is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the...

PT-2023-23584 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 12.4 Description: A command injection issue exists in WWBN AVideo, allowing Remote Code Execution when the CloneSite Plugin is used. This issue is related to the plugin/CloneSite/cloneClient.json.php endpoint. It...

GSD-2022-1007087 drm/omap: dss: Fix refcount leak bugs

drm/omap: dss: Fix refcount leak bugs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit a5ce83e85d795ec98697039ecc518b21d5810ad...

DEBIAN-CVE-2022-35064

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in asanmemset...