26 matches found
EUVD-2009-4269
Malware in sbrugna...
EUVD-2020-30287
Malware in sbrugna...
EUVD-2024-22929
Malicious code in bioql PyPI...
EUVD-2022-3443
Malicious code in bioql PyPI...
EUVD-2022-36734
Malicious code in bioql PyPI...
EUVD-2022-2823
Malicious code in bioql PyPI...
CVE-2025-3227
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...
Vulnerabilities fixed in XWiki Platform
XWiki has fixed vulnerabilities in the XWiki Platform, specifically for versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...
Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit...
CVE-2023-4047
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
CVE-2023-35165 AWS CDK EKS overly permissive trust policies
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...
GHSA-H9WW-WJG4-JVVG Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module
The Translation module before v2.0.58 from Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via...
GHSA-CP5R-XQJR-84GM Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
Jenkins BMC AMI DevX Code Pipeline Operations Plugin 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
Jenkins ElectricFlow Plugin Missing permission checks
Various form validation and form autocompletion methods in CloudBees CD Plugin lacked permission checks. This allowed attackers with Overall/Read access to obtain information about the configuration of CloudBees CD Plugin, as well as the configuration and data of connected ElectricFlow servers...
VMware vCenter Server Permissions, Privileges, and Access Control Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to...
Ubuntu 16.04 LTS : LXD vulnerabilities (USN-2988-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2988-1 advisory. Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read...
Debian DLA-321-1 : wordpress security update
Various security issues have been fixed in the Debian LTS squeeze version of the WordPress content management system. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes...
Mandriva Linux Security Advisory : puppet (MDVSA-2013:222)
Updated puppet and puppet3 packages fix security vulnerabilities: It was discovered that Puppet incorrectly handled the resourcetype service. A local attacker on the master could use this issue to execute arbitrary Ruby files (CVE-2013-4761). It was discovered that Puppet incorrectly handled...
Gentoo Security Advisory GLSA 200407-16 (Kernel)
The remote host is missing updates announced in advisory GLSA 200407-16. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200407-16 (Kernel)
The remote host is missing updates announced in advisory GLSA 200407-16. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...