93 matches found
EUVD-2022-48724
Malicious code in bioql PyPI...
EUVD-2025-7793
Malicious code in bioql PyPI...
EUVD-2021-9354
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-47917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function...
CVE-2025-43230
CVE-2025-43230 affects Apple platforms (iPadOS, iOS, macOS Sequoia, watchOS, visionOS, tvOS) with an issue that could allow an app to access user-sensitive data. The vulnerability is addressed by fixes in iPadOS 17.7.9, iPadOS 18.6, iOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, and visio...
curl: curl ASSERTs when accessing an LDAP URL
Summary: curl can crash when accessing an LDAP URL. curl ldap://localhost:1388 curl: result.c:930: tryread1msg: Assertion !BERBVISEMPTY &resoid ' failed. Aborted core dumped No AI was used in the production of this report. This was enabled by oss-fuzz, but initiated by me adding LDAP support to...
PT-2025-29755 · Westerndeal · Gsheetconnector
Name of the Vulnerable Software and Affected Versions: GSheetConnector versions n/a through 1.3.20 Description: A Cross-Site Request Forgery CSRF issue exists in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector. This allows attackers to perform actions on behalf of authenticated...
Security Bulletin: PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component which affects IBM watsonx.data
Summary PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. These can affect...
CVE-2025-38236
creationtimestamp| type| source ---|---|--- 2025-07-08 09:56:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltgzxk5ypa2w 2025-08-08 05:00:00+00:00| seen| https://projectzero.google/2025/08/from-chrome-renderer-code-exec-to-kernel.html 2025-08-08 08:43:00+00:00| seen|...
CVE-2025-6763 Comet System H3531 Web-based Management setupA.cfg missing authentication
A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...
CVE-2021-4457
CVE-2021-4457 concerns the ZoomSounds WordPress plugin prior to 6.05, where a vulnerable PHP file allows unauthenticated users to upload arbitrary files anywhere on the web server. This leads to a high-impact exposure (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N; base 9.1) affecting the plugin’...
CVE-2022-50163
In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...
Important: cni-plugins
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
CVE-2025-4687
In Teltonika Networks Remote Management System RMS, it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account a...
CVE-2023-6564
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...
PT-2025-22049 · Checkbot · Checkbot
Name of the Vulnerable Software and Affected Versions: CheckBot versions 1.05 and earlier Description: A Cross-Site Request Forgery CSRF issue in Ref CheckBot allows for Stored XSS. This means an attacker can execute malicious scripts on the victim's browser, potentially leading to unauthorized...
Fedora 41 : golang-github-nats-io-nkeys (2025-e8a6a13553)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e8a6a13553 advisory. updates dependencies to close security loophole Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
CVE-2025-46344
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While...
CVE-2025-24178
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox...
Linux Distros Unpatched Vulnerability : CVE-2025-21670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be...