Github Security Blog
added 2025/01/30 5:51 p.m. · 9 views

Argo CD GitOps Engine does not scrub secret values from patch errors

Impact: A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally o...

AI score 6.7
Exploits 0 · References 6 · Affected Software 1

Microsoft CVE
added 2025/01/29 8:00 a.m. · 2 views

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

...

CVSS 7.8 · AI score 6.9 · EPSS 0.00011
Exploits 0

SUSE CVE
added 2025/01/29 3:54 a.m. · 1 view

SUSE CVE-2024-52594

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...

CVSS 4.3 · AI score 6.8 · EPSS 0.00148
Exploits 0 · References 3

AlpineLinux
added 2025/01/27 10:57 p.m. · 0 views

CVE-2025-24369

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

CVSS 2.3 · AI score 6.9 · EPSS 0.00176
Exploits 0

Positive Technologies
added 2025/01/24 12:00 a.m. · 4 views

PT-2025-4007 · Joeybling · Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue has been found, allowing for remote SQL injection. The manipulation of the sort/order argument in an unknown function of the file...

CVSS 6.5 · AI score 7.1 · EPSS 0.00229
Exploits 0 · References 9

Amazon
added 2025/01/24 12:00 a.m. · 3 views

Medium: grpc

Issue Overview: There exists a denial of service through data corruption in gRPC-C++. gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

CVSS 6.9 · AI score 6.9 · EPSS 0.00045
Exploits 0

Cvelist
added 2025/01/22 2:26 p.m. · 10 views

CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template

ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example...

CVSS 6.2 · EPSS 0.00146
Exploits 0 · References 2

OSV
added 2025/01/21 12:18 p.m. · 4 views

CVE-2024-57945 riscv: mm: Fix the out of bound issue of vmemmap address

In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address. In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with ...

CVSS 7.1 · AI score 5.9 · EPSS 0.00012
Exploits 0 · References 8

VulnCheck KEV
added 2025/01/21 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2023-26134

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...

CVSS 9.8 · AI score 6 · EPSS 0.00309
Exploits 1 · References 1

Vulnrichment
added 2025/01/20 3:43 p.m. · 6 views

CVE-2025-23044 Cross-Site Request Forgery (CSRF) allows creating admin account with POST request

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

CVSS 6.8 · AI score 6.6 · EPSS 0.00297
Exploits 1 · References 2

Positive Technologies
added 2025/01/20 12:00 a.m. · 3 views

PT-2025-4789 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to the version that includes commit 14acb704891245bf1703ce6296d62112e85aa995 Description: PwnDoc is a penetration test report generator that lacks CSRF protection, allowing attackers to send requests on a logged-in user'...

CVSS 8.1 · AI score 7.3 · EPSS 0.00297
Exploits 1 · References 7

CVE
added 2025/01/19 10:17 a.m. · 107 views

CVE-2025-21634

CVE-2025-21634 concerns the Linux kernel cpuset/cgroup path where kernfs active protection can be broken during concurrent cpuset writes, triggering a warning and potential deadlock risk. The root cause involved a sequence of hotplug-related changes that async/sync cpuset processing and previousl...

CVSS 5.5 · AI score 6.8 · EPSS 0.00015
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/01/17 12:00 a.m. · 3 views

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

CVSS 9.3 · AI score 6.8 · EPSS 0.00271
Exploits 0 · References 7

Positive Technologies
added 2025/01/16 12:00 a.m. · 9 views

PT-2025-2932 · Unknown +1 · Gomatrixserverlib +1

Name of the Vulnerable Software and Affected Versions: Gomatrixserverlib affected versions not specified Description: Gomatrixserverlib is a Go library for matrix federation. It is vulnerable to server-side request forgery, serving content from a private network it can access, under certain...

CVSS 8.9 · AI score 6.3 · EPSS 0.02218
Exploits 2 · References 91

OSV
added 2025/01/15 1:15 p.m. · 1 view

DEBIAN-CVE-2024-57886

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets. Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx". Due to two bugs in damon_commit_targets and damon_commit_schemes, which are...

CVSS 5.5 · AI score 5.6 · EPSS 0.00019
Exploits 0 · References 1

OSV
added 2025/01/14 6:00 p.m. · 0 views

UBUNTU-CVE-2024-52006

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...

CVSS 7.5 · AI score 6.6 · EPSS 0.03365
Exploits 2 · References 6

Positive Technologies
added 2025/01/14 12:00 a.m. · 4 views

PT-2025-3019 · Discourse · Discourse Ai

Name of the Vulnerable Software and Affected Versions: Discourse AI affected versions not specified Description: The issue concerns the Discourse AI plugin, which provides AI features. When sharing conversations from the Discourse AI Bot into posts, HTML entities from the conversation could leak...

CVSS 9 · AI score 6.7 · EPSS 0.00354
Exploits 0 · References 8

Positive Technologies
added 2025/01/13 12:00 a.m. · 2 views

PT-2025-7091

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to commit d5873b Description: A memory leak was discovered in the libavutil/mem.c component. Recommendations: For versions prior to commit d5873b, update to a version that includes the fix for the memory leak in the...

CVSS 7.8 · AI score 6.1 · EPSS 0.00249
Exploits 1 · References 12

Positive Technologies
added 2025/01/13 12:00 a.m. · 2 views

PT-2025-7092

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to commit d5873b Description: The vulnerability is a memory leak in the libavutil/iamf.c component. Exploitation may allow a remote attacker to disclose protected information. The vulnerability can be exploited to crash...

CVSS 6.5 · AI score 5.8 · EPSS 0.00106
Exploits 1 · References 21

NVD
added 2025/01/11 3:15 p.m. · 6 views

CVE-2024-57839

In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra". This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...

CVSS 5.5 · EPSS 0.00033
Exploits 0 · References 2