51 matches found
Malicious code in finup-mongo-library (npm)
Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...
CLSA-2026-1779298645 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read in dsnsplit when an enhanced status code is not followed by other text...
CLSA-2026-1779096347 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read in dsnsplit when an enhanced status code is not followed by other text...
CLSA-2026-1778874422 postfix: Fix of CVE-2026-43964
CVE-2026-43964: fix buffer over-read in dsnsplit when an enhanced status code is not followed by other text...
CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...
EUVD-2026-8597
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...
Fedora 43 : roundcubemail (2025-58eb59741f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58eb59741f advisory. Release 1.6.12: Support IPv6 in database DSN (#9937); Don't force specific error_reporting setting; Fix compatibility with PHP 8.5 regarding arrayfir...
curl: SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix
Executive Summary: libcurl version 8.16.0 contains a critical SMTP command injection vulnerability (CVE-quality) in the implementation of RFC 3461 Delivery Status Notification (DSN) parameter support. The vulnerability allows an attacker to inject arbitrary SMTP commands by including CRLF (\r\n)...
CVE-2025-54433 Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion
Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outsi...
PT-2025-31371 · Bugsink · Bugsink
Name of the Vulnerable Software and Affected Versions: Bugsink versions 1.4.2 and below; Bugsink versions 1.5.0 through 1.5.4; Bugsink versions 1.6.0 through 1.6.3; Bugsink versions 1.7.0 through 1.7.3. Description: Bugsink is a self-hosted error tracking service. Ingestion paths construct file...
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:...
ait-dsn (=2.0.0), ait-gui (>=2.0.0 <=2.4.1) potentially affected by CVE-2024-35061 via ait-core (>=2.3.5 <=2.5.2)
ait-core PYPI version =2.3.5, =2.0.0, =2.4.1 Source cves: CVE-2024-35061 Source advisory: OSV:GHSA-QV6X-53JJ-VW59...
ait-dsn (=2.0.0), ait-gui (>=2.0.0 <=2.4.1) potentially affected by CVE-2024-35059 +1 more via ait-core (>=2.3.5 <=2.5.2)
ait-core PYPI version =2.3.5, =2.0.0, =2.4.1 Source cves: CVE-2024-35059, CVE-2024-35061 Source advisory: OSV:GHSA-JQFF-8G2V-642H...
ait-dsn (=2.0.0), ait-gui (>=2.0.0 <=2.4.1) potentially affected by CVE-2024-35057 via ait-core (>=2.3.5 <=2.5.2)
ait-core PYPI version =2.3.5, =2.0.0, =2.4.1 Source cves: CVE-2024-35057 Source advisory: OSV:GHSA-JF28-V5F6-CVPR...
ait-dsn (=2.0.0), ait-gui (>=2.0.0 <=2.4.1) potentially affected by CVE-2024-35058 via ait-core (>=2.3.5 <=2.5.2)
ait-core PYPI version =2.3.5, =2.0.0, =2.4.1 Source cves: CVE-2024-35058 Source advisory: OSV:GHSA-4GXJ-5MMR-7PXQ...
Fedora: Security Advisory for freerouting (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: freerouting-1.3.1-17.fc40
FreeRouting is a routing software intended but not limited for Printed Circuit Boards (PCB). By using the standard Specctra or Electra DSN interface it works together with numerous CAD tools including the LayoutEditor, KiCad and Eagle. It imports DSN-files generated by the Specctra interface and...
SUSE CVE-2018-7485
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact...
safe-dsn.com Cross Site Scripting vulnerability OBB-2636482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Updated php-adodb packages fix security vulnerability
Security hotfix release addressing a critical vulnerability in PostgreSQL connections (CVE-2021-3850). Additional fixes: Fix usage of getmagic functions (#619, #657); Fix PHP warning in rs2rs function (#679); pdo: Fix Fatal error in query (#666); pdo: Fix undefined variable (#678); pgsql: Fix Fatal error in close...