EUVD-2021-2595
Malware in sbrugna...
EUVD-2019-6991
Malware in sbrugna...
EUVD-2025-6969
Malicious code in bioql PyPI...
TencentOS Server 2: grub2 (TSSA-2022:0288)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0288 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2024-21033
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2019-16174
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity...
Gunicorn HTTP Request/Response Smuggling vulnerability
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2025-25201
Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...
CVE-2025-25201
CVE-2025-25201 concerns Nitrokey 3 Firmware. The PIV application could accept invalid keys for authentication of the admin key in releases up to 1.8.0 (and certain pre-1.8.0 test builds), allowing an attacker without the proper admin key to generate new keys and overwrite certificates, compromisi...
CVE-2024-0549
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...
Exploit for Cross-site Scripting in Salesagility Suitecrm
CVE-2024-50335: Authenticated XSS in "Publish Key" Field Allow...
The vulnerability in the Firefox web browser, related to the absence of a handler that prevents unauthorized access to confidential data, allows attackers to compromise the integrity of such data and cause service interruptions.
The vulnerability in the Firefox web browser is related to the absence of a handler. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service interruptions...
ROS-20240902-23
A vulnerability in the Flatpak application and environment management tool is related to improper Neutralization of special output elements used by a downstream component. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data and compromise its integrity...
ROS-20240820-12
A vulnerability in the JavaFX component of Oracle GraalVM Enterprise Edition virtual machine and Oracle Java SE software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an...
The vulnerability of Varnish cache servers, related to the manipulation of requests on the server side, allows attackers to compromise the integrity of the protected information.
The vulnerability of the Varnish cache server relates to the manipulation of requests on the server side. Exploiting this vulnerability allows a malicious actor to affect the integrity of the protected information through a specially crafted HTTP request...
PT-2024-1614 · Emerson · Emerson Rosemount Gc700Xa +2
Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, and GC1500XA products (affected versions not specified). Description: The issue is related to weaknesses in the authentication procedure of Emerson Rosemount GC1500XA, GC700XA, and GC370XA products. An...
PT-2024-1121
Name of the Vulnerable Software and Affected Versions: X.Org Server (affected versions not specified). Description: A flaw was found in the X.Org server, specifically in the DeviceFocusEvent and XIQueryPointer functions, which can lead to a heap overflow. This issue is caused by the server allocating...