32 matches found
Important: Red Hat Security Advisory: redis:7 security update
An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the EqualsUri function. An attacker can cause incorrect URI comparisons by supplying specially crafted input values. Remediation Upgrade uriparser to version 1.0.2 or higher. References -...
GHSA-822V-8W6H-5JXP Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the misinterpretation of the PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms configuration, which causes unintended ECDSA algorithms to be accepted. An attacker can compromise...
BIT-GITLAB-2025-14560 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
CVE-2024-34600
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage...
Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-35195]
Summary The requests package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...
EUVD-2024-34899
Malicious code in bioql PyPI...
EUVD-2024-28069
Malicious code in bioql PyPI...
EUVD-2022-24602
Malicious code in bioql PyPI...
EUVD-2022-32985
Malicious code in bioql PyPI...
EUVD-2023-57362
Malicious code in bioql PyPI...
The vulnerability of the key_extract_l3l4 function in the net_openvswitch/flow.c module of the openvswitch component of Linux kernel allows a attacker to cause a service failure.
The vulnerability of the keyextractl3l4 function in the netopenvswitch/flow.c module of the openvswitch component in Linux kernels is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause service failures by sending specially crafted MPLS packets...
UBUNTU-CVE-2025-8736
A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclose...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - requests
Summary IBM Sterling Connect:Direct Web Service uses python - requests , python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. Vulnerability Details...
RAGFlow 安全漏洞
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.13.0, which stems from improper access control of document-hooks.ts and allows unauthorized access to user documents...
Intel QAT 安全漏洞
The Intel QAT Engine for OpenSSL software is an open source software plug-in designed to accelerate OpenSSL cryptographic operations with Intel Quick Assist Technology QAT hardware. A control flow management deficiency vulnerability exists in Intel QAT Engine for OpenSSL software, which can be...
CVE-2024-30133 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability
HCL Traveler for Microsoft Outlook HTMO is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways...