Lucene search

10 matches found

RedhatCVE
added 2026/01/09 8:42 a.m. | 4 views

CVE-2022-31106

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of underscore.deep prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to deepFromFlat, which would pollute any future...

CVSS 9.8 | AI score 6.8 | EPSS 0.00363
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-23369

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.3 | EPSS 0.07087
Exploits 1 | References 8
NVD
added 2025/06/06 10:15 p.m. | 11 views

CVE-2025-49128

Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended memory content t...

CVSS 4 | EPSS 0.00027
Exploits 0 | References 3
NVD
added 2025/01/03 4:15 p.m. | 10 views

CVE-2024-56320

GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

CVSS 9.4 | EPSS 0.01595
Exploits 0 | References 4
RedhatCVE
added 2024/12/24 1:28 p.m. | 7 views

CVE-2024-53163

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat420xx - fix off by one in uofgetname This is called from uofgetname420xx where "numobjs" is the ARRAYSIZE of fwobjs. The needs to be = to prevent an out of bounds access. Mitigation To mitigate this issue, prevent...

CVSS 5.3 | AI score 6.6 | EPSS 0.00017
Exploits 0 | References 4
ATTACKERKB
added 2024/12/18 12:0 a.m. | 40 views

CVE-2024-56145

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has registerargcargv enabled. For these users an unspecified remote code execution vector is present...

CVSS 9.8 | AI score 8.2 | EPSS 0.93926
In wild | Exploits 9 | References 3
CVE
added 2024/10/11 2:28 p.m. | 59 views

CVE-2024-45403

CVE-2024-45403 affects the H2O HTTP server when configured as a reverse proxy. The issue is an assertion failure caused by cancelled HTTP/3 requests, enabling a denial-of-service attack. By default, the standalone H2O server restarts automatically, which mitigates impact, but concurrent requests ...

CVSS 7.5 | AI score 4.4 | EPSS 0.0033
Exploits 0 | References 4 | Affected Software 1
NVD
added 2022/11/14 9:15 p.m. | 10 views

CVE-2022-41913

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

CVSS 5.4 | EPSS 0.00211
Exploits 0 | References 2
Prion
added 2021/11/02 6:15 p.m. | 10 views

Authorization

Hangfire is an open source system to perform background job processing in .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...

CVSS 5 | AI score 7.4 | EPSS 0.0028
Exploits 0 | References 2 | Affected Software 1
CERT
added 2005/09/16 12:0 a.m. | 27 views

Check Point Firewall rules may improperly handle network traffic

Overview Check Point Firewall CIFS service group may allow unintended traffic to pass through the firewall. Description Check Point Firewall contains a set of predefined service groups designed to handle different types of traffic associated with a service or collection of protocols. For instance...

CVSS 7.5 | AI score 6.3 | EPSS 0.00498
Exploits 0 | References 5