16 matches found
CVE-2026-46121
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcg_path kfree with damon_sysfs_lock. Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcg_path". Reads of 'memcg_path' and 'path' files in DAMON sysfs interface could race with their...
SUSE CVE-2026-30915
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...
CVE-2026-22731
A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...
Spring Boot has an Authentication Bypass under Actuator Health groups paths
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
GHSA-8HFC-FQ58-R658 Spring Boot has an Authentication Bypass under Actuator Health groups paths
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
EUVD-2026-13345
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
CVE-2026-22731
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
CVE-2026-22731
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
CVE-2026-22731
CVE-2026-22731 affects Spring Boot applications with Actuator. An endpoint that requires authentication, when declared under a specific path already configured for a Health Group additional path, can allow an authentication bypass. Affected versions include Spring Boot 4.0 before 4.0.3, 3.5 befor...
PT-2026-26429
Name of the Vulnerable Software and Affected Versions: Spring Boot versions prior to 4.0.3; Spring Boot versions prior to 3.5.11; Spring Boot versions prior to 3.4.15. Description: Spring Boot applications utilizing the Actuator feature may be susceptible to an authentication bypass issue. This occurs...
CVE-2025-9444 1000projects Online Project Report Submission and Evaluation System delete_group_student.php sql injection
A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batchid leads to SQL injection. The attack can be initiated...
DEBIAN-CVE-2025-38258
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write. memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a...
PT-2022-7986 · Trueconf · Trueconf Server
Name of the Vulnerable Software and Affected Versions: TrueConf Server version 4.3.7. Description: A vulnerability was found in an unknown functionality of the file /admin/group, leading to basic cross-site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2019-12825
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...
CVE-2019-16657
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/...
BlackCat CMS Cross-Site Scripting Vulnerability
BlackCat CMS is a content management system (CMS) based on PHP5 and HTML5, developed by the Black Cat team. A cross-site scripting vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name of a new group in backend/group/index.php...