31 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: NetworkManager (UTSA-2026-016802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016802 advisory. A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configu...
DRUPAL-CONTRIB-2026-024
The Google Analytics GA4 module enables users to add custom attributes to the script tag used to load the Google Analytics library. The module does not sufficiently sanitize these attributes. This vulnerability is mitigated by the fact that an attacker must have a role with the "ga4 configure" or...
CVE-2025-64758
CVE-2025-64758 affects Dependency-Track frontend (SPA). From 4.12.0 up to before 4.13.6, administrators with SYSTEM_CONFIGURATION could configure a login-page welcome message that was not properly sanitized, allowing arbitrary JavaScript to execute in users’ browsers. The issue results in a persi...
EUVD-2022-5097
Malicious code in bioql PyPI...
EUVD-2023-1477
Malicious code in bioql PyPI...
EUVD-2023-1906
Malicious code in bioql PyPI...
EUVD-2022-3405
Malicious code in bioql PyPI...
EUVD-2022-5637
Malicious code in bioql PyPI...
CVE-2025-54287
Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...
CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting
In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
CVE-2025-34173
Summary: CVE-2025-34173 affects pfSense CE Snort package (snort_ip_reputation.php). The iplist parameter is not sanitized against directory traversal when checking if a file exists, enabling an authenticated attacker (WebCfg - Snort) to determine whether files exist and enumerate files on the tar...
CVE-2024-43397
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...
CVE-2023-33007
Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
SUSE CVE-2018-1999005
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...
CVE-2022-34783
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...