Octopus Deploy 安全漏洞

Octopus Deploy is an automated tool developed by the Australian company Octopus, used for the development and deployment of applications in .NET, Java, and other programming languages. There is a security vulnerability in Octopus Deploy, which stems from the lack of validation in the API endpoint...

CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

UBUNTU-CVE-2025-46415

A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...

CVE-2025-46415

CVE-2025-46415 involves a race condition in the Nix, Lix, and Guix package managers that can lead to removal of content from arbitrary folders. The connected documents specify affected versions: Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; Guix before 1.4...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

GHSA-WR2M-38XH-RPC9 Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use

Summary An improper uploaded media ownership check can result in inadvertent deletion of media when a user is banned with content removal or purged. This can lead to deletion of media that was not uploaded by the banned/purged user. This also applies to purged communities, in which case all media...

PT-2022-13256 · Unknown · Openshift-Logging/Elasticsearch6-Rhel8 +3

Name of the Vulnerable Software and Affected Versions: origin-aggregated-logging versions 3.11 Description: A flaw was found in the original fix for the netty-codec-http issue, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete, and the vulnerable...

GHSA-PW59-4QGF-JXR8 Cache Manipulation Attack in Apache Traffic Control

When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...

WordPress Woody ad snippets plugin security feature issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Woody ad snippets is used in one of the pages to add ads to the plugin. The WordPress Woody ad snippets plugin has a security signature...

Reddit Removes NSL Warrant Canary from Transparency Report

Reddit’s latest transparency report is missing a nugget of information that was present in a previous report. Last year’s report included a warrant canary which stated that as of Jan. 29, 2015, Reddit had never received a National Security Letter, Foreign Intelligence Surveillance Court order or...

Latest Microsoft Transparency Report Details Content Removal Requests

Microsoft launched a new transparency website this week that bundles reports detailing requests for data the company has received, including those from law enforcement, the government, and elsewhere. The page, which Microsoft is calling its Transparency Hub, is somewhat similar to what Apple did...

Cheezburgers, Warrant Canaries and Cat Memes

Surveillance, privacy and security are serious subjects. So too, for some people, are cat memes and GIFs of screaming goats. And Cheezburger Inc., the premier purveyor of said memes and GIFs, wants its users to know that the company is standing up for their rights. The folks at Cheezburger have...

Reddit Publishes its First Transparency Report

Reddit on Thursday published its first transparency report, joining the litany of technology and online service providers who have already shed light on their privacy practices, and the extent to which governments makes requests for user information. Reddit thrives on user-submitted content...

DLA-34-1 libapache-mod-security - security update

Bulletin has no description...

Twitter 'Weighing Legal Options' On Publishing National Security Requests Data

Twitter officials are pushing the United States government for more freedom to publish specific numbers about national security information requests, and said the company is considering its legal options if the government doesn’t allow more data to be made public. In its latest transparency repor...

Google Transparency Report Requests Up to Remove Information

Google has released a new Transparency Report, this time pointing out sharp increases in the number of government requests from Brazil and Russia it received to remove content from Google-branded websites. This is the seventh time the Mountain View-based company has released the report that...

Google Report Shows It Complied With 93% of U.S. Law Enforcement Data Requests

Google complied with 93 percent of the requests for user data that it received from U.S. law enforcement agencies through the first six months of this year. In the latest update to its Transparency Report, Google for the first time not only disclosed the number of requests that it receives, but...