36 matches found
CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...
Linux Distros Unpatched Vulnerability : CVE-2026-31699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmwa...
Linux Distros Unpatched Vulnerability : CVE-2026-31697
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if t...
thunderbird: Out of bounds read in IMAP parsing
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...
SUSE CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
Decidim's private data exports can lead to data leaks
Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the httperrorlog file stores the $COOKIE and $SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
Security Bulletin: IBM Datapower Operations Dashboard could allow a potential data leak CVE-2025-49574
Summary vert.x is used in KeyCloak which is used by the IBM Datapower Operations Dashboard for authentication and authorization Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to...
GHSA-JJ37-3377-M6VV Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...
EUVD-2006-0920
Malware in sbrugna...
EUVD-2020-19776
Malware in sbrugna...
EUVD-2019-2192
Malware in sbrugna...
EUVD-2025-4782
Malicious code in bioql PyPI...
EUVD-2024-49642
Malicious code in bioql PyPI...
EUVD-2025-16308
Malicious code in bioql PyPI...
Amazon Linux 2023 : coreutils, coreutils-common, coreutils-single (ALAS2023-2025-1194)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1194 advisory. A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted...
Linux Distros Unpatched Vulnerability : CVE-2024-0553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with...
CVE-2025-54988
This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...
Linux Distros Unpatched Vulnerability : CVE-2021-30682
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS...
Security update for coreutils
This update for coreutils fixes the following issues: CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data bsc1243767 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...