561 matches found
Zabbix Security Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from a login failure with a non-existing username that has a different execution tim...
CVE-2024-11301
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator...
CVE-2024-10267
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all...
CVE-2024-10267
The CVE-2024-10267 entry concerns transformeroptimus/superagi with an information-disclosure bug in the user registration endpoint. An attacker can leak sensitive user data (names, emails, and passwords) by attempting to register with an email already in use, causing the server to return all info...
Improper Authentication
Overview: froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Improper Authentication due to missing restrictions to create accounts using the same email address, allowing an attacker to escalate privileges or take over accounts by registering...
CVE-2025-27602 Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...
WordPress plugin miniOrange Social Login and Register Authorization Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An authorization issue vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-26618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with...
CVE-2025-1717
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen' function. This makes it possible for unauthenticated attackers to log in an...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the parisc architecture not properly handling a page-not-existing condition during a non-access data TLB cac...
CVE-2022-39395
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...
CVE-2024-10020
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...
CVE-2024-45715
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements...
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they...
PT-2025-36286
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue within the SMB server implementation. A flaw exists because destroy workqueuesmb direct wq was called before stop sessions, leading to existing...
CVE-2024-12798
A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension...
CVE-2024-12798 JaninoEventEvaluator vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
Malicious code in non-existing-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1d6cdc7e109d95350fca4106c87505a6e873352199682c0b1edc6cb36e3ea84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11923 Malicious code in non-existing-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1d6cdc7e109d95350fca4106c87505a6e873352199682c0b1edc6cb36e3ea84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
How to Update Location Profile Endpoint Details and Preserve Access to an Existing Kopia Storage Repository
Purpose: This article documents the correct procedure to update the Endpoint details in the Location Profile for an existing Kopia storage repository in S3-compatible stores and ensure the existing associated repositories remain accessible. Customers may wish to update the Endpoint details e.g.,...