9 matches found
CVE-2026-39958
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" mirror/debs/manifest/topics.json from remote repository servers, registering them as APT source entries. However, the name field in said...
oma 注入漏洞
Oma is an AOSC-Dev open-source package manager for AOSC OS. Versions of Oma prior to 1.25.2 had a injection vulnerability. This vulnerability stemmed from Oma-topics not checking the transliterated value of the name field in metadata, which could allow malicious APT source entries to be added to...
PT-2026-31657
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories topics named "Topic Manifests" mirror/debs/manifest/topics.json from remote repository servers, registering them as APT source entries. However, the name field in said...
PT-2026-1017
Name of the Vulnerable Software and Affected Versions eopkg versions prior to 4.4.0 Description eopkg is a package manager for Solus implemented in Python3. A malicious package could bypass the directory restrictions imposed by the --destdir option. Exploitation requires installing a package from...
CVE-2025-30354 Bruno ignores Safe-Mode in Asserts expressions
Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This...
CVE-2025-30210 Bruno XSS On Environment Name
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content in this case the Environment name as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...
Privilege escalation
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...
How Reputation Intelligence Improves Application Security
Reputation intelligence is information about cyber entities known for specific activity, whether malicious or benign, which can be fed to and actioned on by a web application firewall WAF. It provides an additional application security layer by effectively identifying and blocking threats from...
Cisco Webex Meeting - Open Redirect Web Vulnerability
Document Title: =============== Cisco Webex Meeting - Open Redirect Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1950 PSIRT ID: 1079904098 Bulletin:...