68 matches found
ALSA-2026:7670 Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...
PT-2026-21437
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
EUVD-2025-205817
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enablenames is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.5.3, prior to 2025.11.1, and prior to 2025.12.0, which stems from an...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.6 through befo...
EUVD-2017-1248
Malware in sbrugna...
EUVD-2017-13134
Malware in sbrugna...
EUVD-2023-2524
Malicious code in bioql PyPI...
EUVD-2021-3601
Malicious code in bioql PyPI...
EUVD-2021-29300
Malicious code in bioql PyPI...
EUVD-2022-42754
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions...
Linux Distros Unpatched Vulnerability : CVE-2020-6812
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The first time AirPods are connected to an iPhone, they become named after the user's name by default e.g. Jane Doe's AirPods. Websites with camera or microphon...
git: Git does not sanitize URLs when asking for credentials interactively
A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...
CVE-2025-6600
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...
CVE-2023-1562
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner...
CVE-2021-42326
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter...
CVE-2019-19800
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet...
CVE-2024-13374 WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptmgetFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed request that could result in the disclosure of information about a...