6 matches found
EUVD-2022-29635
Malicious code in bioql PyPI...
PT-2025-19344 · Unknown · Sourcecodester/Oretnom23 Stock Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester/oretnom23 Stock Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester/oretnom23 Stock Management System. This affects an unknown part of the file /admin/?page=purchase order/view po...
XWiki allows unregistered users to access private pages information through REST endpoint
Impact: Protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the...
CVE-2024-0551
Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...
PT-2022-28282 · Unknown · Moment-Timezone
Name of the Vulnerable Software and Affected Versions: moment-timezone versions prior to 0.5.35 Description: The issue arises when using grunt data or grunt release to prepare a custom build of moment-timezone with the latest tzdata from IANA's website. If an attacker intercepts the request to...
RHEL 7 : heketi (RHSA-2019:3255)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3255 advisory. Heketi provides a RESTful management interface that can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like...