5 matches found
CVE-2026-14468
Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...
EUVD-2026-41946
HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...
Debian dla-3819 : fossil - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3819 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/...
PT-2023-10285 · Typo3 +1 · Typo3 +1
Name of the Vulnerable Software and Affected Versions: mback2k mh httpbl Extension versions 1.1.7 and earlier Description: A critical vulnerability was found in the mback2k mh httpbl Extension on TYPO3, affecting the function moduleContent of the file mod1/index.php. This issue leads to SQL...
Metasploit Weekly Wrap-UP
GLPI htmLawed PHP Command Injection Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to...