27 matches found

Packet Storm News
added 2026/04/29 12:0 a.m. | 1 views

PrestaShop Version Hunter

psversionhunter.py fingerprints a PrestaShop installation by comparing the versions of its native modules against the module versions bundled with a known PrestaShop release tag. This is useful when a target does not expose the PrestaShop core version directly but still exposes native module...

AI score 5.2
Exploits: 0

OSV
added 2026/03/23 6:14 p.m. | 3 views

GO-2026-4769 Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju

Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2

OSV
added 2026/03/23 6:14 p.m. | 2 views

GO-2026-4744 Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS 4.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 4

OSV
added 2026/03/20 2:27 p.m. | 1 views

OESA-2026-1703 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

CVSS 10 | AI score 7.7 | EPSS 0.00045
Exploits: 2 | References: 7

OSV
added 2026/03/20 2:27 p.m. | 1 views

OESA-2026-1701 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

CVSS 10 | AI score 7.8 | EPSS 0.00045
Exploits: 2 | References: 7

ATTACKERKB
added 2026/02/03 2:19 a.m. | 2 views

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, improperly validated TLS/SSL certificates allow a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...

CVSS 8.9 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/01/28 8:16 p.m. | 1 views

AZL-75698 CVE-2025-68119 affecting package golang for versions less than 1.24.12-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

CVSS 7 | AI score 6.4 | EPSS 0.00018
Exploits: 0 | References: 1

OSV
added 2025/11/05 6:41 p.m. | 2 views

GO-2025-4084 ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection in github.com/zitadel/zitadel

ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

CVSS 8.8 | AI score 7.1 | EPSS 0.00091
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-17020

Malware in sbrugna...

CVSS 9.8 | AI score 8.6 | EPSS 0.00478
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-6619

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00863
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-2090

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00682
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-8462

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-7596

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00458
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-16138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. CVE-2017-1613...

CVSS 7.5 | AI score 7.4 | EPSS 0.00433
Exploits: 1 | References: 2

OSV
added 2025/07/29 6:49 p.m. | 3 views

GO-2025-3825 Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor

Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 4.1 | AI score 5.7 | EPSS 0.0016
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 3:16 a.m. | 1 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

CVSS 5.3 | AI score 6.8 | EPSS 0.00363
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:32 a.m. | 3 views

CVE-2018-7603

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc.. The module doesn't sufficiently filter user-entered...

CVSS 6.1 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 1

OSV
added 2025/05/15 8:0 p.m. | 5 views

GO-2025-3671 ZITADEL Allows IdP Intent Token Reuse in github.com/zitadel/zitadel

ZITADEL Allows IdP Intent Token Reuse in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest ...

CVSS 8 | AI score 6.6 | EPSS 0.0021
Exploits: 0 | References: 6

OSV
added 2025/03/25 7:38 p.m. | 19 views

GO-2025-3565 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx

ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 8.8 | AI score 8.7 | EPSS 0.65355
Exploits: 7 | References: 6

OSV
added 2025/03/10 8:41 p.m. | 5 views

GO-2025-3499 IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 9 | AI score 9 | EPSS 0.00373
Exploits: 0 | References: 12