CVE-2025-7785
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. Manipulation of the argument redirect leads to an open redirect. The attack can be initiated...
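An open redirect of this kind is fixed by refusing to send the browser anywhere but a same-origin path. The following Go helper is an added example and not JeeSite's code: it assumes the redirect parameter arrives as a raw string and that the handler falls back to a fixed landing page (here `/`) whenever the value is absent or hostile. It rejects absolute URLs, protocol-relative `//host` forms, backslash variants that browsers normalise to `//`, `javascript:` and other schemes, and a percent-encoded `//` that would survive decoding.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeRedirect validates a user-supplied redirect parameter and returns a
// target that stays on the current origin. Only absolute paths on this origin
// ("/a/b?x=1#frag") are accepted; anything that could move the browser to
// another host is refused and the caller falls back to a fixed default.
func safeRedirect(raw string) (string, bool) {
	// Browsers treat "\" like "/" in URLs ("/\evil" behaves as "//evil"), so a
	// backslash anywhere is refused instead of being normalised.
	if raw == "" || strings.ContainsAny(raw, "\\") {
		return "", false
	}
	u, err := url.Parse(raw)
	if err != nil { // url.Parse also refuses ASCII control characters
		return "", false
	}
	// A scheme, host, userinfo or opaque part means an absolute or
	// protocol-relative URL: https://evil, //evil, javascript:..., mailto:...
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", false
	}
	// Must be an absolute path on this origin. u.Path is percent-decoded, so
	// "/%2F%2Fevil" is caught here as well rather than trusting the client's decoder.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return "", false
	}
	return u.String(), true
}

// redirectOrDefault is the shape a handler would use: the validated target,
// or the landing page when the parameter is absent or hostile (assumed "/").
func redirectOrDefault(raw, fallback string) string {
	if target, ok := safeRedirect(raw); ok {
		return target
	}
	return fallback
}

func main() {
	// Constructed sample inputs: one benign value and three hostile variants.
	for _, raw := range []string{"/sys/index?x=1", "//evil.example/", "https://evil.example/", "/\\evil.example"} {
		fmt.Printf("%-24q -> %s\n", raw, redirectOrDefault(raw, "/"))
	}
}
```

The check is an allowlist on shape rather than a denylist of hosts: a relative path such as `relative/path` is refused too, so a handler should always pass the validated value through `redirectOrDefault` rather than using the raw parameter on any branch.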
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system that starts challenges on demand for a player. When decoding a scenario, i.e. a zip archive, the path of the file to write is not checked, potentially leading to Zip Slip (path traversal during extraction). Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extraction can write outside the specified directory given a specially crafted tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
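The Chall-Manager (CVE-2025-53632) and tar-fs (CVE-2025-48387) entries above describe the same failure: an extractor writes each archive member to a path derived from the member name without confirming that the result stays inside the destination directory. The Go program below is an added example, not code from either project; it uses Go's standard `archive/zip` for a zip scenario (the tar-fs case is the same check applied to tar headers), builds a constructed hostile archive in memory, and refuses it. It assumes the whole archive should be rejected on the first bad entry, and that symlink members are never wanted, since a file written through a link placed by an earlier member is the other common way out of the directory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// ErrZipSlip marks an entry whose path would resolve outside the destination.
var ErrZipSlip = errors.New("zip slip: entry escapes destination directory")

// ErrSymlink marks a symlink entry; links are refused because a later entry
// could be written through them to an arbitrary location.
var ErrSymlink = errors.New("symlink entries are not allowed")

// safeJoin resolves an archive entry name under dest and rejects anything that
// would land outside it: "../" traversal, the entry "." and the prefix trick
// where "../dest2/x" shares only a string prefix with dest.
func safeJoin(dest, name string) (string, error) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, filepath.FromSlash(name)) // Join also cleans
	if target == cleanDest || !strings.HasPrefix(target, cleanDest+string(os.PathSeparator)) {
		return "", ErrZipSlip
	}
	return target, nil
}

// entry is a constructed archive member used only to build sample input.
type entry struct{ Name, Body string }

// buildArchive creates an in-memory zip from constructed entries (sample input).
func buildArchive(entries []entry) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		f, err := w.Create(e.Name)
		if err != nil {
			panic(err)
		}
		io.WriteString(f, e.Body)
	}
	w.Close()
	return buf.Bytes()
}

// extract unpacks data into dest. Every entry path is validated before any
// byte is written, so a hostile archive is refused as a whole rather than
// partially extracted. Go >= 1.20 may report ErrInsecurePath for "../" names
// while still returning a usable reader; the explicit check below is what
// actually refuses them.
func extract(data []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	targets := make([]string, len(r.File))
	for i, f := range r.File {
		if f.Mode()&fs.ModeSymlink != 0 {
			return nil, fmt.Errorf("%s: %w", f.Name, ErrSymlink)
		}
		t, err := safeJoin(dest, f.Name)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", f.Name, err)
		}
		targets[i] = t
	}
	var written []string
	for i, f := range r.File {
		if f.FileInfo().IsDir() {
			if err := os.MkdirAll(targets[i], 0o755); err != nil {
				return written, err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(targets[i]), 0o755); err != nil {
			return written, err
		}
		if err := copyEntry(f, targets[i]); err != nil {
			return written, err
		}
		written = append(written, targets[i])
	}
	return written, nil
}

// copyEntry streams one validated member to its target path.
func copyEntry(f *zip.File, target string) error {
	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()
	out, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
	if err != nil {
		return err
	}
	defer out.Close()
	_, err = io.Copy(out, rc)
	return err
}

func main() {
	dest, _ := os.MkdirTemp("", "scenario-")
	defer os.RemoveAll(dest)
	// Constructed hostile scenario: one benign file plus a traversal entry.
	hostile := buildArchive([]entry{{"scenario/flag.txt", "flag{ok}"}, {"../../escape.txt", "pwned"}})
	if _, err := extract(hostile, dest); err != nil {
		fmt.Println("refused:", err)
	}
}
```

The comparison is done on the cleaned, joined string rather than on the raw name, which is what defeats `..` segments hidden in the middle of a path; the trailing separator in the prefix check is what defeats the `dest2` sibling trick. If the destination itself may contain symlinks, resolve it with `filepath.EvalSymlinks` once before calling `safeJoin` so both sides of the comparison are canonical.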
CVE-2025-46331 OpenFGA Authorization Bypass
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart < openfga-0.2.28, docker < v.1.8.10) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...
GHSA-FFQC-F68H-QQ8W vulnerabilities
Vulnerabilities for packages: patch...
GHSA-JX75-987W-4CQC vulnerabilities
Vulnerabilities for packages: patch...
GHSA-W88P-XVMW-FXGG vulnerabilities
Vulnerabilities for packages: patch...
GHSA-G5PM-269J-95RR vulnerabilities
Vulnerabilities for packages: patch...
CVE-2025-20634
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...
RHSA-2021:1532 Red Hat Security Advisory: kpatch-patch security update
Bulletin has no description...
Yokogawa FAST/TOOLS and CI Server
1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
CVE-2023-45290
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
CVE-2023-52433 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...
GHSA-RV9X-WMW4-44QJ Pyload Insufficient Session Expiration vulnerability
Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...
CVE-2022-3559
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this...
Release Information for Veeam Backup & Replication 10a Cumulative Patch P20220304
More Recent Version Available: Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Intended audience for this update: The update on this page is provided as a courtesy to customers who wish to remain on Veeam Backup & Replication 10a for an extended...
OS Command Injection
patch is vulnerable to OS command injection. An attacker is able to execute arbitrary OS commands through patch using a malicious patch file containing an ed-style diff payload with shell metacharacters...
CVE-2018-20969 vulnerabilities
Vulnerabilities for packages: patch...
CVE-2019-13638 vulnerabilities
Vulnerabilities for packages: patch...