SUSE CVE-2025-11375
Consul and Consul Enterprise's (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
Security Bulletin: Vault Vulnerable to Denial of Service Due to Rate Limit Regression
Summary: Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 which allowed for processing JSON payloads before applying rate limits. This vulnerability,...
DEBIAN-CVE-2026-40394
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...
EUVD-2023-2015
Malicious code in bioql PyPI...
EUVD-2024-0243
Malicious code in bioql PyPI...
EUVD-2022-1122
Malicious code in bioql PyPI...
CVE-2021-35342
The useradm service 1.14.0 in Northern.tech Mender Enterprise 2.7.x before 2.7.1 and 1.13.0 in Northern.tech Mender Enterprise 2.6.x before 2.6.1 allows users to access the system with their JWT token after logout, because of missing invalidation if the JWT verification cache is enabled...
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...
PT-2025-18795 · Hashicorp +1 · Vault Community +3
Name of the Vulnerable Software and Affected Versions: Vault Community versions prior to 1.19.3; Vault Enterprise versions prior to 1.19.3, 1.18.9, 1.17.16, 1.16.20. Description: The Key/Value (kv) Version 2 plugin in Vault Community and Vault Enterprise may unintentionally expose sensitive informati...
CVE-2025-20230
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value...
CVE-2024-53246
CVE-2024-53246 affects Splunk products where an SPL command can disclose sensitive information. Affected are Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206. Exploitation requires chainin...
PT-2024-9200 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02; NEXUS Series version 3.08.02; MATRIX Series version 3.08.02. Description: Cross Site Request Forgery vulnerabilities were found, providing a potential for exposing sensitive information or changing system...
PT-2024-27029 · Faronics · Winselect
Name of the Vulnerable Software and Affected Versions: Faronics WINSelect Standard + Enterprise (affected versions not specified). Description: The application saves its configuration in an encrypted file on the file system, which "Everyone" has read and write access to. The paths to the configurati...
Varnish Cache Security Vulnerability
Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache versions prior to 7.3.2 and 7.4.x prior to 7.4.3 and Varnish Enterprise versions prior to 6.0.12r6, which stems from a credit exhaustion that allows HTTP/2 connections to control the flow...
CVE-2023-41178
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176...
Tigergraph Code Issues Vulnerabilities
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0. An attacker exploiting this vulnerability could change the...
Faveo Helpdesk Cross-Site Scripting Vulnerability
Faveo Helpdesk is Faveo's open source ticketing system built on the Laravel framework. A security vulnerability exists in Faveo Helpdesk Enterprise version 6.0.1, which stems from the vulnerability of the application to stored XSS, allowing an attacker with proxy privileges to perform privilege...
PT-2023-23856 · Trend Micro · Trend Micro Mobile Security
Name of the Vulnerable Software and Affected Versions: Trend Micro Mobile Security Enterprise version 9.8 SP5. Description: The issue allows a remote attacker to create arbitrary files on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged...
PT-2023-23858 · Trend Micro · Trend Micro Mobile Security
Name of the Vulnerable Software and Affected Versions: Trend Micro Mobile Security Enterprise version 9.8 SP5. Description: The issue allows a remote attacker to execute arbitrary code on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged...
PT-2023-23855 · Trend Micro · Trend Micro Mobile Security
Name of the Vulnerable Software and Affected Versions: Trend Micro Mobile Security Enterprise version 9.8 SP5. Description: The issue allows a remote user to bypass authentication, potentially chaining with other vulnerabilities. An attacker must first obtain the ability to execute low-privileged...