27 matches found
MediaMTX affected by CVE-2026-27143 due to vulnerable dependency
Summary: Release 1.17.1 seems affected by CVE-2026-27143. golang 1.25.9 seems to solve the issue. Is there any new release planned? Details: See https://nvd.nist.gov/vuln/detail/CVE-2026-27143...
CVE-2026-23318 affecting package kernel for versions less than 6.6.130.1-1
CVE-2026-23318 affecting package kernel for versions less than 6.6.130.1-1. An upgraded version of the package is available that resolves this issue...
FreeBSD : python -- several security vulnerabilities (bfe9adc8-0224-11f1-8790-c5fb948922ad)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bfe9adc8-0224-11f1-8790-c5fb948922ad advisory. The Python project announces a new release with several security fixes: Tenable has extracted...
PT-2025-39659
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions through 1.0.7.2 Description: A weakness exists in givanz Vvveb that could allow for cross-site request forgery. The vulnerability affects unknown code and can be exploited remotely. The exploit has been publicly released...
PT-2025-39656
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.7.2 Description: A security flaw exists in the Image Handler component of givanz Vvveb. Manipulation of this component can lead to information disclosure. Remote exploitation is possible, and the exploit has been...
PT-2025-34575 · Unknown · Givanz Vvveb
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.7.2 Description: A weakness exists in givanz Vvveb that allows for unrestricted file upload. The issue is located in an unknown function within the /system/traits/media.php file. Manipulation of the files...
CVE-2025-24962 Command Injection in reNgine
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmapcmd parameters. This issue has been addressed in commit c28e5c8d and is expected in the next versioned release. Users are advised to filter user input and monitor the...
GHSA-CVP8-5R8G-FHVQ omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0, see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...
Duplicate Advisory: Gogs allows argument injection during the tagging of a new release
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m27m-h5gj-wwmg. This link is maintained to preserve external references. Original Description: Gogs through 0.13.0 allows argument injection during the tagging of a new release. This vulnerability is still unfixe...
CVE-2024-39933
Gogs through 0.13.0 allows argument injection during the tagging of a new release...
Anonymous Arabic Hacktivist Group Orchestrating Silver RAT
Summary: Silver RAT, a Windows-based RAT written in C and developed by a group known as "Anonymous Arabic," exhibits advanced capabilities, including antivirus evasion and ransomware encryption. Despite facing bans, the threat actors' dynamic activities persist, featuring the sharing of cracked...
Philips e-Alert
1. EXECUTIVE SUMMARY: CVSS v3 6.5. ATTENTION: Exploitable from an adjacent network/low attack complexity. Vendor: Philips. Equipment: e-Alert. Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow an unauthorized actor to...
Monero: Potential linkage of public/private (anonymous) node addresses
During the handshake for an incoming connection, the peer id is checked against the local node's peer id only for the specific zone of the incoming peer, in order to avoid linking public addresses to tor addresses:...
newreleasetoday.com XSS vulnerability
Open Bug Bounty ID: OBB-682896. Affected Website: newreleasetoday.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
References - Unsupported - SA-CONTRIB-2017-38
Updates: 2017-04-18 - This issue has been resolved with the release of references 7.x-2.2. 2017-04-14 - A potential new maintainer is working through the process of fixing the References module. When this is complete a new release will be published and this SA will be updated. The specific details...
完全無料!!スラムダンクの続き(まとめサイト)新着370話 - External URLs, SQLite database found, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application 完全無料!!スラムダンクの続きまとめサイト新着370話 published at the 'play' market has multiple vulnerabilities...
Good for Enterprise 2.2.2.1611 - Cross-Site Scripting
The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute JavaScript statements when the victim opens the email using the vulnerable version. Payload: alert'XSS Here' Remediation: I worked with the Good people to close the issue, ...
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
Exploit for hardware platform in category web applications. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute JavaScript statements when the victim opens the email using the vulnerable version. Payload: alert'XSS Here'...
Multiple CSRF Vulnerabilities in [GLPI Version 0.83.2]
Hi, This is regarding multiple CSRF (Cross Site Request Forgery) Vulnerabilities in GLPI Version 0.83.2. The following is the disclosure document: Title: Multiple CSRF Vulnerabilities in GLPI Version 0.83.2...
GLPI 0.83.2 Cross Site Scripting
Hi, This is regarding XSS Vulnerability in GLPI 0.83.2. The following is the disclosure document: Title: Cross site scripting vulnerability found in GLPI 0.83.2...