Lucene search

6 matches found

CNNVD
added 2026/05/21 12:0 a.m. · 8 views

Concrete CMS Cross-Site Request Forgery Vulnerability

Concrete CMS is an open-source content management system developed by Concrete CMS. Concrete CMS versions 9.5.0 and earlier had a cross-site request forgery vulnerability. This vulnerability stemmed from a CSRF flaw in the installpackage method, which could allow attackers to force t...

8.8 CVSS · 5.8 AI score · 0.00075 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/02 6:37 p.m. · 1 views

CVE-2025-68619

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugi...

8.6 CVSS · 7.7 AI score · 0.0005 EPSS
Exploits: 1 · References: 1
SUSE CVE
added 2023/02/15 5:32 a.m. · 2 views

SUSE CVE-2014-0042

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

4.3 CVSS · 7 AI score · 0.00357 EPSS
Exploits: 1 · References: 4
OSV
added 2022/11/08 10:15 p.m. · 2 views

CVE-2022-20457

In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

5.5 CVSS · 5.9 AI score
Exploits: 0 · References: 1
Veracode
added 2019/12/12 3:0 a.m. · 11 views

Arbitrary File Overwrite

bin-links is vulnerable to arbitrary file overwrite. The application does not prevent globally-installed binaries from being overwritten by other package installs...

3.2 AI score
Exploits: 0
Positive Technologies
added 2014/06/02 12:0 a.m. · 3 views

PT-2014-3449 · Openstack +1 · Openstack Heat Templates +1

Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0

Description: The issue allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors, as GPG signature...

4.3 CVSS · 6.4 AI score · 0.00357 EPSS
Exploits: 1 · References: 5