257 matches found
CVE-2026-7189
Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...
CVE-2026-7189
Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...
CVE-2026-7189
CVE-2026-7189 affects Proliz OBS prior to v3.6.0. The issue is an insertion of sensitive information into sent data caused by functionality not being properly constrained by ACLs, enabling a network-remote impact with high confidentiality risk and low integrity impact. Affected component: Proliz ...
CVE-2026-7189 Sensitive Data Exposure in Proliz's OBS
Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...
CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler
A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...
CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler
A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...
PT-2026-55256
Name of the Vulnerable Software and Affected Versions obs tar scm source service versions prior to 0.12.4 Description A shellcode injection exists in the mercurial handler of the source service. Attackers who can provide a crafted service file can execute arbitrary code as the source service or t...
MAL-2026-4201 Malicious code in obs-migrate (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ecb04d891693e925c9055e0b5c5844ebb6cf8c210000e9905bf892ab7d0674d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-18417
Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values...
CVE-2026-26962 Rack: Header injection in multipart requests
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
CVE-2026-26962 Rack: Header injection in multipart requests
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
PT-2026-29923
Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...
PT-2026-29841
Name of the Vulnerable Software and Affected Versions Rack versions 3.2.0 through 3.2.5 Description Rack’s Rack::Multipart::Parser incorrectly unfolds folded multipart part headers. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values...
Security update for obs-service-recompress, obs-service-tar_scm (moderate)
openSUSE Security Update: Security update for obs-service-recompress, obs-service-tarscm Announcement ID: openSUSE-SU-2026:0109-1 Rating: moderate References: 1076410 1082696 1105361 1107507 1107944 1127353 1127907 1138377 1168573 1212476 1216361 927120 967265 Cross-References: CVE-2018-12473...
[SECURITY] Fedora 44 Update: rust-reqsign-huaweicloud-obs-3.0.0-1.fc44
Huawei Cloud OBS signing implementation for reqsign...
openSUSE 16 Security Update : osc, obs-scm-bridge (openSUSE-SU-2026:20361-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20361-1 advisory. Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching paren...
Security update for osc, obs-scm-bridge (moderate)
openSUSE security update: security update for osc, obs-scm-bridge ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20361-1 Rating: moderate References: bsc1230469 bsc1247410 Cross-References: CVE-2024-22038 CVSS scores: CVE-2024-22038 SUSE : 7.3...
CVE-2025-14347
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS.This issue affects OBS Student Affairs Information System0: before 26.5009...
CVE-2025-14347
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...