14 matches found
CVE-2026-44262
Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...
SUSE-SU-2026:0474-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255594. - CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256095. -...
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
Summary The arcade-mcp HTTP server uses a hardcoded default worker secret "dev" that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This...
Unbreakable Enterprise kernel security update
5.15.0-313.189.5.1 - afunix: Don't leave consecutive consumed OOB skbs. Kuniyuki Iwashima Orabug: 38528187 CVE-2025-38236 - fs: writeback: fix use-after-free in markinodedirty Jiufei Xue Orabug: 38528183 CVE-2025-39866 - rtnetlink: Fix L3 stats disable handling in rtnloffloadxstatsfill Vijayendra...
EUVD-2019-13930
Malware in sbrugna...
CVE-2024-26229
creationtimestamp| type| source ---|---|--- 2024-06-11 07:33:54+00:00| published-proof-of-concept| https://t.me/truesec/80 2024-06-11 10:21:23+00:00| published-proof-of-concept| https://t.me/RalfHackerChannel/1500 2024-06-11 10:22:25+00:00| published-proof-of-concept| https://t.me/hackingbra/161...
CVE-2024-31451 Limited file write in routes.py (GHSL-2023-250)
DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1...
CVE-2023-0953
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources...
EulerOS Virtualization for ARM 64 3.0.5.0 : python2 (EulerOS-SA-2020-1044)
According to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Th...
CVE-2010-2550
creationtimestamp| type| source ---|---|--- 2010-08-10 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/14607 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smb/ms10054queryfspooloverflow.rb 2025-02-06...
Nokia Electronic Documentation 5.0 - Path Disclosure
source: https://www.securityfocus.com/bid/8624/info Nokia Electronic Documentation NED is prone to a vulnerability that may enable remote attackers to list directory contents. This issue may be exploited by appending a dot . to a request for a NED page. Exploitation will also have the side-effect...
CVE-2025-47297
...
CVE-2020-12569
...
CVE-2024-23401
CVE-2024-23401 entry is rejected/not used and does not represent an active vulnerability.