[SECURITY] Fedora 44 Update: rawtherapee-5.12-8.fc44
RawTherapee is RAW image processing software. It gives full control over many parameters to enhance the raw picture before finally exporting it to some common image format...
OneUptime security vulnerability
OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.19 contain security vulnerabilities. These vulnerabilities stem from GitHub App callbacks that allow attackers to control parameters...
EUVD-2020-3890
Malware in sbrugna...
EUVD-2023-1561
Malicious code in bioql PyPI...
EUVD-2025-25378
Malicious code in bioql PyPI...
Metabase 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5
The version of Metabase installed on the remote host is prior to 0.42.6, 0.43.7, 0.44.5, 1.42.6, 1.43.7, or 1.44.5. It is, therefore, affected by a parameter control vulnerability. A remote attacker can circumvent locked parameters when requesting data for a question in an embedded dashboard by...
FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation
Overview: Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation. Privilege escalation vulnerability through external control of Web parameter (CWE-472) - CVE-2025-54551. Christopher Alejandro Moroco reported this vulnerability to CISA ICS...
CVE-2025-54551
CVE-2025-54551 affects Fujifilm Synapse Mobility (Synapse Mobility) versions 8.0–8.1.1. The root cause is privilege escalation via external control of Web parameters (CWE-472), allowing a user to bypass RBAC and access data beyond their permissions by altering search parameters. Public sources (N...
VulnCheck KEV: CVE-2025-35939
Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with...
CVE-2022-43396
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
External Control of Assumed-Immutable Web Parameter
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to missing sanitization of the return URL requested by the client. This allows an attacker to introduce arbitrary values to a known loc...
Sipwise C5 NGCP Dashboard security vulnerability
Sipwise C5 NGCP Dashboard is a management interface from Sipwise that is used to manage and monitor various features and services of the Sipwise C5 Next Generation Communication Platform NGCP. A security vulnerability exists in Sipwise C5 NGCP Dashboard versions prior to mr11.5.1, which stems fro...
PT-2023-6778 · Аврора · Аврора
Name of the Vulnerable Software and Affected Versions: Аврора, affected versions not specified. Description: The issue is related to a component that checks installed packages in the Аврора operating system, which has inadequate control over the parameters of installed packages. Exploitation of thi...
SUSE CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
SUSE CVE-2020-1765
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...
Apache Kylin Command Injection Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface and multidimensional OLAP analysis on top of Hadoop/Spark, among other functions. Kylin has a command injection vulnerability; the vulnerability stems fr...
CVE-2022-43396 Apache Kylin: Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
splitReinvest() can be front run
Handle: WatchPug. Vulnerability details: `function splitReinvest(uint256 rewardLiquidity) external { retrieveReward(rewardLiquidity); uint256 rewardBalance = rewardToken.balanceOf(address(this)); rewardToken.safeTransfer(address(dexHandler), rewardBalance.div(2)); dexHandler.buyMalt(); bondAccount(msg.sender); emit...`
CVE-2019-11236
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
Mail.ru: Car photo substitution [city-mobil.ru/taxiserv/]
Possibility to change the photo at external-storage.city-mobil.ru by controlling the parameters photourl and id on city-mobil.ru/taxiserv/...