371 matches found
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns / etcd (CVE-2025-30204)
The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns / etcd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30204 advisory. - golang-jwt is a Go...
CVE-2025-2865 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2025-2865
CVE-2025-2865 affects Arteche/saTECH BCU firmware 2.1.3. The issue is a reflected/stored cross-site scripting (XSS) vulnerability in the web server that could cause malicious resources to be stored and interpreted by victims when visiting the affected site. Multiple sources corroborate firmware 2...
Cross-site Request Forgery (CSRF)
Overview polyaxon is a Command Line Interface CLI and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...
Linux Distros Unpatched Vulnerability : CVE-2025-27515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could...
DEBIAN-CVE-2025-27515
Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
GHSA-78FX-H6XR-VCH4 Laravel has a File Validation Bypass
When using wildcard validation to validate a given file or image field array files., a user-crafted malicious request could potentially bypass the validation rules...
CVE-2025-27515 Laravel has a File Validation Bypass
Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...
CVE-2025-27142 LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands
LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...
CVE-2022-42447
HCL Compass is vulnerable to Cross-Origin Resource Sharing CORS. This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request...
CVE-2022-39294
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...
CVE-2024-52320
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution...
CLSA-2025-1738695944 samba: Fix of 2 CVEs
Fix CVE-2023-42669: disable the rpcecho server - Fix CVE-2022-2127: fix out-of-bounds read triggered by a malicious request...
OpenPanel 安全漏洞
OpenPanel is a web hosting panel from OpenPanel, Inc. A security vulnerability exists in OpenPanel v0.3.4, which originates in the File Manager component of OpenPanel, and can be exploited to access and view a directory traversal operation by constructing a malicious HTTP request and utilizing th...
Malicious code in requesr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
CVE-2024-53981 python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
GHSA-HVW5-3MGW-7RCF Debezium database connector has a script injection vulnerability
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
CVE-2023-1419
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
PT-2024-10296 · Planet Technology +1 · Planet Wgs-804Hpt +2
The affected product is susceptible to a stack-based buffer overflow, which can be triggered by an unauthenticated attacker sending a malicious HTTP request. The webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. An exploit f...
CVE-2024-20420 Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server...