185 matches found
CVE-2024-1887
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export...
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener'message', in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
CVE-2023-47122
Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...
CVE-2021-36393
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses...
CVE-2017-18888
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts...
CVE-2025-45887
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery SSRF in /api/file/getRemoteContent...
CVE-2022-49790 Input: iforce - invert valid length check when fetching device IDs
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforceinitdevice 1, for commit 6ac0aec6b0a6 "Input: iforce - allow callers supply data buffer when fetching device IDs"...
CVE-2025-39989 x86/mce: use is_copy_from_user() to determine copy-from-user context
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use iscopyfromuser to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...
CVE-2025-22086
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5pollone curqp update flow When curqp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bug however is that we are...
Moodle 4.3.x < 4.3.8 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.14, 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.4. It is, therefore, affected by multiple vulnerabilities. - An IDOR when fetching report schedules. - Some users can...
CVE-2025-2886
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...
CVE-2025-2886
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...
CVE-2025-2887
During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched ...
CVE-2025-2887 Failure to detect delegated target rollback in tough
During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched ...
CVE-2025-2886
CVE-2025-2886 describes a flaw in the Amazon tough (TUF) client: missing validation of terminating delegations causes the client to continue searching the delegation list after a terminating delegation, potentially fetching a target from an incorrect source and altering contents. Affected softwar...
Linux Distros Unpatched Vulnerability : CVE-2023-45285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using go get to fetch a module with the .git suffix may unexpectedly fallback to the insecure git:// protocol if the module is unavailable via the secure https:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the 9p protocol not properly handling fid reference counts when fetching links...
Updated libreoffice packages fix security vulnerabilities
Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...
MGASA-2025-0035 Updated libreoffice packages fix security vulnerabilities
Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...
CVE-2024-56638
CVE-2024-56638 affects the Linux kernel’s netfilter nft_inner handling of percpu inner-header offsets under softirq. The vulnerability stems from a race where softirq can interrupt a process-context walk over a percpu area that contains inner header offsets, potentially leading to inconsistent pe...