16 matches found

EUVD
added 2026/04/08 6:31 a.m., 2 views

EUVD-2026-20060

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

9.8 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 4

NVD
added 2026/04/08 6:16 a.m., 0 views

CVE-2026-5082

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...

5.3 CVSS, 0.00017 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/03/26 9:42 p.m., 1 views

CVE-2026-3525

A flaw was found in Drupal File Access Fix deprecated. An incorrect authorization vulnerability allows an attacker to perform forceful browsing, potentially leading to unauthorized access to sensitive information or resources. This issue arises due to improper checks on file access permissions...

5.8 AI score, 0.00044 EPSS
Exploits: 0, References: 2

Drupal
added 2026/03/04 12:0 a.m., 6 views

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020

This module moves files to and from private storage depending on the access of its owning entities. The module does not sufficiently incorporate the results of hook_file_download when a custom or contrib module implements that hook leading to access bypass...

5.3 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0333

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.0059 EPSS
Exploits: 1, References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-7228

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.00334 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2025/04/17 12:0 a.m., 9 views

openSUSE 15 Security Update : perl-Data-Entropy (openSUSE-SU-2025:0123-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2025:0123-1 advisory. Updated to 0.8.0 0.008: see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: Use Crypt::URandom to seed the default algorithm...

7.7 CVSS, 5.6 AI score, 0.00083 EPSS
Exploits: 0, References: 4

OSV
added 2025/04/16 2:2 p.m., 4 views

OPENSUSE-SU-2025:0123-1 Security update for perl-Data-Entropy

This update for perl-Data-Entropy fixes the following issues: Updated to 0.8.0 0.008: see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand function...

7.7 CVSS, 6.9 AI score, 0.00083 EPSS
Exploits: 0, References: 3

OSV
added 2024/11/29 11:56 a.m., 1 views

OESA-2024-2478 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8 CVSS, 6.8 AI score, 0.01153 EPSS
Exploits: 4, References: 6

Prion
added 2022/11/08 10:15 p.m., 8 views

Design/Logic Flaw

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

5 CVSS, 7.4 AI score, 0.00334 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2022/11/08 12:0 a.m., 4 views

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5 CVSS, 7.5 AI score, 0.00334 EPSS
Exploits: 0, References: 1

Prion
added 2018/07/30 6:29 p.m., 20 views

Design/Logic Flaw

Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...

7.5 CVSS, 9.5 AI score, 0.0059 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/07/30 6:29 p.m., 11 views

CVE-2018-3772

Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...

9.8 CVSS, 9.5 AI score, 0.0059 EPSS
Exploits: 1, References: 1

OSV
added 2018/07/30 6:29 p.m., 3 views

CVE-2018-3772

Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...

9.8 CVSS, 6 AI score
Exploits: 0, References: 1

Cvelist
added 2018/07/30 6:0 p.m., 13 views

CVE-2018-3772

Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...

9.6 AI score, 0.0059 EPSS
Exploits: 1, References: 1

Node.js
added 2016/03/28 10:31 p.m., 22 views

Insecure Default Configuration

Overview: Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive...

4.3 CVSS, 4.4 AI score, 0.003 EPSS
Exploits: 0, Affected Software: 1