Kedro has Arbitrary Code Execution via Malicious Logging Configuration

Impact This is a critical remote code execution RCE vulnerability caused by unsafe use of logging.config.dictConfig with user-controlled input. Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging...

EUVD-2006-3579

Malware in sbrugna...

CVE-2024-29199

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration...

CVE-2025-32962

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...

GHSA-99PM-CH96-CCP2 Flask-AppBuilder open redirect vulnerability using HTTP host injection

Impact Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS configuration variable, which allows administrators to explicit...

CVE-2025-32962 Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...

CVE-2025-32962

CVE-2025-32962 affects Flask-AppBuilder before 4.6.2. An unauthenticated attacker can trigger an open redirect by manipulating the HTTP Host header. The root cause is insufficient validation of redirect targets. The advisory notes that Flask-AppBuilder 4.6.2 introduces the FAB_SAFE_REDIRECT_HOSTS...

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

CVE-2024-29199

CVE-2024-29199 affects Nautobot, where multiple URL endpoints were accessible to unauthenticated users due to default EXEMPT_VIEW_PERMISSIONS behavior. The root cause is improper access control exposing data unless permissions are explicitly granted. The vulnerability is mitigated by fixes in Nau...

MediaWiki 信息泄露漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. An information disclosure vulnerability exists in ManageWiki, which stems from the "wikiconfig" A...

SUSE: Security Advisory (SUSE-SU-2020:0992-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PrestaShop Configuration Variable Rewrite Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A security vulnerability exists in PrestaShop versions 1.6.0.1 through prior to 1.7.6...

Fedora 27 : mrbs (2017-f93ebc905e)

Changes since MRBS 1.6.1 : - Fixed a number of security issues in MRBS that were disclosed to the project by SySS GmbH, including XSS, CSRF protection and session fixation. - Improved behaviour of browser caching in MRBS. - Improved localisation, especially the use of colons in labels. - Added ne...

ComScore direct tag - Less critical - Cross site scripting - SA-CONTRIB-2017-095

This module enables you to use the comScore Direct analytics system on a site. The module doesn't sufficiently sanitize one of the configuration variables prior to rendering it. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer comScore...

Fedora 25 : mrbs (2017-b5bcfedf10)

Changes since MRBS 1.6.1 : - Fixed a number of security issues in MRBS that were disclosed to the project by SySS GmbH, including XSS, CSRF protection and session fixation. - Improved behaviour of browser caching in MRBS. - Improved localisation, especially the use of colons in labels. - Added ne...

PHP 5.3.9 'php_register_variable_ex()' Code Execution (intrusive check)

The remote host is running a version of PHP that is affected by an arbitrary code execution vulnerability. Specifically, the fix for the hash collision denial of service vulnerability CVE-2011-4885 introduces a remote code execution vulnerability in the function 'phpregistervariableex' in the fil...

DSA-2403-1 php5 - code injection

Bulletin has no description...

GLSA-200903-15 : git: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-15 git: Multiple vulnerabilities Multiple vulnerabilities have been reported in gitweb that is part of the git package: Shell metacharacters related to gitsearch are not properly sanitized CVE-2008-5516. Shell metacharacter...

git: Multiple vulnerabilties

Background GIT - the stupid content tracker, the revision control system used by the Linux kernel team. Description Multiple vulnerabilities have been reported in gitweb that is part of the git package: Shell metacharacters related to gitsearch are not properly sanitized CVE-2008-5516. Shell...