8 matches found
EUVD-2026-4959
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in its contents - including the private key of the...
CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user to enable/disable it or even delete it. The impact is that the target user might start losing...
CVE-2023-46731 Remote code execution through the section parameter in Administration as guest in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet ...
PT-2025-26065 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A refcount leak bug was found in the ast_vhub_init_desc function. The issue arises because of_node_put is not called for the reference returned by of_get_child_by_name, which increases...
GHSA-WWGQ-9JHF-QGW6 Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Impact Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email. Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply...
Error "Superblock last mount time is in the future" from fsck when booting a Linux VM
In only one host, restarting a Linux VM will encounter the warning: /dev/mapper/rootvg-lvroot: Superblock last mount time Mon Feb 27 16:19:54 2017, now = Fri Feb 17 16:37:49 2017 is in the future. /dev/mapper/rootvg-lvroot: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. i.e., without -a or -p option...
Debian DSA-2649-1 : lighttpd - fixed socket name in world-writable directory
Stefan Buhler discovered that the Debian-specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...
cubecart-3.0.3.txt
CubeCart 3.0.3 multiple variable Cross site scripting. Vendor url: www.cubecart.com Bug report: http://bugs.cubecart.com/?do=details&id=363 Advisory: http://lostmon.blogspot.com/2005/09/cubecart-303-multiple-variable-cross.html Vendor confirmed: yes Exploit available: yes Fix available: yes CubeCar...