Lucene search

4399 matches found

OSV
added 2025/08/11 11:07 p.m. · 7 views

GHSA-674P-XV2X-RF3G Litestar has potential log injection in exception logging

Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...

3.7 CVSS · 7.3 AI score
Exploits 0 · References 3
Positive Technologies
added 2025/08/11 12:00 a.m. · 3 views

PT-2025-34323 · Pypi · Litestar

Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats...

3.7 CVSS · 7.4 AI score
Exploits 0 · References 4
Circl
added 2025/08/07 5:44 a.m. · 11 views

CVE-2025-54783

creationtimestamp | type | source
---|---|---
2025-08-07 05:44:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvrzteqplm2k...

6.1 CVSS · 6.6 AI score · 0.002 EPSS
Exploits 0 · References 1
Circl
added 2025/08/03 4:08 a.m. · 11 views

CVE-2025-8495

creationtimestamp | type | source
---|---|---
2025-08-03 04:08:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvhsma4shh26...

9.8 CVSS · 7.2 AI score · 0.00453 EPSS
Exploits 1 · References 1
Rapid7 Blog
added 2025/08/01 6:16 p.m. · 5 views

Metasploit Wrap-Up 08/01/2025

ESC support in Metasploit: This week, we're excited to announce that Metasploit users can now detect certificate templates vulnerable to ESC9, ESC10, and ESC16 using the existing ldapescvulnerabletemplate module. In addition, users can now exploit these vulnerable templates with the brand new...

7.9 AI score
Exploits 0
Positive Technologies
added 2025/08/01 12:00 a.m. · 5 views

PT-2025-31613 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The vulnerability is a memory corruption issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

6.6 AI score
Exploits 0 · References 2
Circl
added 2025/07/31 9:25 p.m. · 13 views

CVE-2025-8176

creationtimestamp | type | source
---|---|---
2025-07-31 21:25:22+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lvc35nusqs2u
2025-08-17 20:00:04+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwmocrd7os2w
2025-08-21 08:10:13+00:00 | seen |...

7.8 CVSS · 6.4 AI score · 0.00228 EPSS
Exploits 1 · References 6
OSV
added 2025/07/31 7:40 p.m. · 1 views

MINI-C8G5-3MJM-4Q35

Bulletin has no description...

3.4 CVSS · 8.6 AI score · 0.01351 EPSS
Exploits 1
Positive Technologies
added 2025/07/31 12:00 a.m. · 3 views

PT-2025-31520 · Undefined · Undefined

CVE-2025-7356 Rejected reason https://t.co/I9AXYWTXil...

7.3 AI score
Exploits 0 · References 2
Rockylinux
added 2025/07/29 1:38 p.m. · 2 views

yelp and yelp-xsl security update

An update is available for yelp-xsl, yelp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Yelp is the help browser for the GNOME desktop. It is designed to help...

7.4 CVSS · 7.4 AI score · 0.10259 EPSS
Exploits 1
OSV
added 2025/07/29 1:38 p.m. · 7 views

RLSA-2025:7569 Important: yelp and yelp-xsl security update

Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook. Security Fixes: yelp: Arbitrary file read (CVE-2025-3155). For more details...

7.4 CVSS · 6.5 AI score · 0.10259 EPSS
Exploits 1 · References 2
UbuntuCve
added 2025/07/28 6:15 p.m. · 3 views

CVE-2025-43023

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA)...

9.1 CVSS · 5.8 AI score · 0.00234 EPSS
Exploits 0 · References 2
Gitee
added 2025/07/27 3:55 a.m. · 130 views

isf

This is a Python-based exploitation framework called ISF (Industrial Exploitation Framework) that is similar to Metasploit. It is designed for industrial control system (ICS) exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...

7 AI score
Exploits 0
OSV
added 2025/07/24 4:37 p.m. · 3 views

CLSA-2025-1753375058 ruby: Fix of CVE-2024-27281

CVE-2024-27281: fix object injection and remote code execution in .rdoc_options and documentation cache loading...

4.5 CVSS · 7.8 AI score · 0.01571 EPSS
Exploits 0 · References 1
SUSE Linux
added 2025/07/24 11:31 a.m. · 4 views

Security update for python-requests

This update for python-requests fixes the following issues: Avoid problems with certificate caching in sslcontext (bsc#1246104, gh#psf/requests#6767). Update to 2.32.4: CVE-2024-47081: Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong...

8.2 CVSS · 4.3 AI score · 0.00846 EPSS
Exploits 1 · References 6
Joomla! Vulnerable Extensions List
added 2025/07/23 12:00 a.m. · 7 views

rsdirectory

Extension: RSDirectory! Version: Old 2.2.7 / New 2.2.8. Update details: Versions affected: 1.0.0 through 2.2.7. Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. Fixed in 2.2.8. Update URL:...

5.6 AI score
Exploits 0 · Affected Software 1
Snyk
added 2025/07/21 8:45 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: cadwyn is a Production-ready community-driven modern Stripe-like API versioning in FastAPI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the version parameter of the /docs endpoint. An attacker can execute arbitrary JavaScript code in a user's browser b...

7.6 CVSS · 5.4 AI score · 0.00227 EPSS
Exploits 0 · References 3
Github Security Blog
added 2025/07/21 2:08 p.m. · 7 views

Cadwyn vulnerable to XSS on the docs page

Summary: The version parameter of the /docs endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. PoC: 1. Set up a minimal app following the quickstart guide: https://docs.cadwyn.dev/quickstart/setup/ 2. Click on the following PoC link:...

7.6 CVSS · 6.3 AI score · 0.00227 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2025/07/21 2:08 p.m. · 4 views

GHSA-2GXP-6R36-M97R Cadwyn vulnerable to XSS on the docs page

Summary: The version parameter of the /docs endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. PoC: 1. Set up a minimal app following the quickstart guide: https://docs.cadwyn.dev/quickstart/setup/ 2. Click on the following PoC link:...

7.6 CVSS · 6.2 AI score · 0.00227 EPSS
Exploits 0 · References 6
NVD
added 2025/07/20 7:15 p.m. · 3 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

9.8 CVSS · 0.01907 EPSS
Exploits 2 · References 4