184 matches found
PT-2026-1030
Name of the Vulnerable Software and Affected Versions: go-sonic versions up to 1.1.4. Description: A server-side request forgery issue exists in the Theme Fetching API of go-sonic. The flaw is located in the FetchTheme function within the service/theme/git fetcher.go file. Manipulation of the uri...
Grist Code Issue Vulnerability
Grist is a modern relational spreadsheet open-sourced by Grist. A code issue vulnerability exists in Grist versions prior to 1.7.7, which stems from a privileged network access risk in the server-side URL fetching functionality that could lead to an escalated attack...
CVE-2025-62719 LinkAce: Limited Server-Side Request Forgery (SSRF) in Keyword Fetching Functionality
LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests to them without validating that the destination is not an internal or private network resource...
EUVD-2021-27288
Malware in sbrugna...
EUVD-2021-17133
Malware in sbrugna...
EUVD-2019-13428
Malware in sbrugna...
EUVD-2018-4984
Malware in sbrugna...
EUVD-2025-6006
Malicious code in bioql PyPI...
EUVD-2023-37528
Malicious code in bioql PyPI...
EUVD-2025-8665
Malicious code in bioql PyPI...
EUVD-2023-2809
Malicious code in bioql PyPI...
EUVD-2024-0070
Malicious code in bioql PyPI...
EUVD-2022-29985
Malicious code in bioql PyPI...
uprobe: avoid out-of-bounds memory access of fetching args
...
Security update for git
This update for git fixes the following issues: Updated to 2.43.7 (jscPED-13447): CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc1245938); CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk (bsc1245939); CVE-2025-46835: Fixed arbitrary writable...
PT-2025-39137
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue within the libceph component related to invalid accesses to ceph connection v1 info. Specifically, generic code in messenger.c reads and writes to the...
podman: podman missing TLS verification
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...
CVE-2025-53097 Roo Code extension vulnerable to Potential Information Leakage via JSON Schema
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's searchfiles tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
CVE-2024-0593
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...
CVE-2024-1887
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export...