
38 matches found

ATTACKERKB
added 2026/03/24 7:42 a.m. · 0 views

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial-of-service (DoS) condition...

CVSS 7.5 · AI score 5.8 · EPSS 0.00122
Exploits 0 · References 2 · Affected Software 15

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-2743

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 7.1 · EPSS 0.00232
Exploits 0 · References 7

OSV
added 2025/09/16 7:50 a.m. · 2 views

SUSE-SU-2025:20717-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update vendored crate slab to version 0.4.11. CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function leading to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006) - Update to version 0.2.8+12:...

CVSS 9.8 · AI score 6 · EPSS 0.00359
Exploits 0 · References 7

SUSE Linux
added 2025/09/16 7:49 a.m. · 6 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crate slab to version 0.4.11. CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function leading to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006). Update to version 0.2.8+12:...

CVSS 6.3 · AI score 7.6 · EPSS 0.00359
Exploits 0 · References 12

SUSE Linux
added 2025/08/22 12:50 p.m. · 3 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function (bsc#1248006). Update to version 0.2.8+12: build(deps): bump actions/checkout from 4 to 5; build(deps): bump cfg-if from 1.0.0 to 1.0.1; build(deps):...

CVSS 5.8 · AI score 6.4 · EPSS 0.00033
Exploits 0 · References 4

OSV
added 2025/08/22 10:7 a.m. · 3 views

SUSE-SU-2025:02961-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function (bsc#1248006) - Update to version 0.2.8+12: build(deps): bump actions/checkout from 4 to 5; build(deps): bump cfg-if from 1.0.0 to 1.0.1...

CVSS 5.1 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 3

RedhatCVE
added 2025/07/19 3:0 p.m. · 5 views

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

CVSS 6.9 · AI score 7.2 · EPSS 0.00247
Exploits 0 · References 1

NVD
added 2025/07/17 3:15 p.m. · 5 views

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

CVSS 6.9 · EPSS 0.00247
Exploits 0 · References 1

OSV
added 2025/07/17 2:40 p.m. · 4 views

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

CVSS 6.9 · AI score 7 · EPSS 0.00247
Exploits 0 · References 3

Positive Technologies
added 2025/07/17 12:0 a.m. · 1 views

PT-2025-29919 · Unknown +2 · Rucio-Webui +3

Name of the Vulnerable Software and Affected Versions: rucio-server versions 37.0.2, 35.0.1, and 32.0.1; rucio-ui versions 37.0.4, 35.0.1, and 32.0.2; rucio-webui versions 37.0.2, 35.1.1, and 32.0.1. Description: Rucio is a software framework used to organize, manage, and access large volumes of...

CVSS 6.9 · AI score 6.4 · EPSS 0.00247
Exploits 0 · References 4

RedhatCVE
added 2025/02/14 9:7 a.m. · 9 views

CVE-2025-25184

A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env['REMOTE_USER'] and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...

CVSS 6.5 · AI score 6.4 · EPSS 0.01039
Exploits 1 · References 5

Spring Engineering
added 2024/11/24 12:0 a.m. · 25 views

Bootiful Spring Boot 3.4: Spring Boot

And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...

AI score 7.5
Exploits 0

SUSE CVE
added 2023/10/27 12:58 a.m. · 1 views

SUSE CVE-2022-4886

Ingress-nginx path sanitization can be bypassed with log_format directive...

CVSS 8.8 · AI score 7 · EPSS 0.00232
Exploits 0 · References 4

OSV
added 2023/10/25 8:15 p.m. · 32 views

CVE-2022-4886

Ingress-nginx path sanitization can be bypassed with log_format directive...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 4

CVE
added 2023/10/25 7:18 p.m. · 149 views

CVE-2022-4886

CVE-2022-4886 is an Ingress-Nginx vulnerability where path sanitization can be bypassed via the log_format directive. IBM and OSV entries describe an impact: a remote authenticated attacker could obtain credentials information from Kubernetes Ingress Controller (ALB) deployments affected by this ...

CVSS 8.8 · AI score 7.4 · EPSS 0.00232
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-6604 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: The issue is related to a controller vulnerability in the Kubernetes ingress-nginx cluster, which is associated with errors in processing input data. This can allow a remote attacker ...

CVSS 9 · AI score 7.2 · EPSS 0.00232
Exploits 0 · References 25

Veracode
added 2023/07/18 3:37 p.m. · 23 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability occurs when the log format is set to default making it possible to insert data into log files...

CVSS 3.9 · AI score 6.8 · EPSS 0.00018
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/07/13 3:15 a.m. · 22 views

Information disclosure

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 1.7 · AI score 4.2 · EPSS 0.00018
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/07/13 3:15 a.m. · 0 views

UBUNTU-CVE-2023-3363

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 3.9 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 3

OSV
added 2023/07/13 2:8 a.m. · 14 views

CVE-2023-3363 Insertion of Sensitive Information into Log File in GitLab

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 3.9 · AI score 4.2 · EPSS 0.00018
Exploits 0 · References 4