81 matches found
CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
Brave Desktop 1.90.128 Security Fixes
Updated wallet to handle more "Permit" type warnings in the "Sign" panel as reported on HackerOne by syarif07. - Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...
CVE-2024-41736
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application...
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
EUVD-2025-131927
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
CentralSquare Community Development 安全漏洞
CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7 that stems from unfiltered input in the permitno field, which could lead to an SQL...
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
PT-2025-46671
Name of the Vulnerable Software and Affected Versions CentralSquare Community Development version 19.5.7 Description A SQL Injection issue exists in CentralSquare Community Development 19.5.7. Attackers can inject SQL code through the permit no field. Recommendations Update to a newer version tha...
CVE-2025-64280
CVE-2025-64280 affects CentralSquare Community Development 19.5.7. The vulnerability is a SQL injection through the permit_no field caused by unfiltered input in the application, with CVSS v3.1 base score 9.8 (CRITICAL). The impact targets confidentiality, integrity, and availability. No exploita...
EUVD-2024-39179
Malicious code in bioql PyPI...
Disable PermitUserEnvironment
PermitUserEnvironment allows users to set SSH environment variables, which may be exploited by attackers to launch attacks. If PermitUserEnvironment is set to yes, attackers can modify SSH environment variables to evade the security mechanism or execute attack code. This configuration must be...
Linux Distros Unpatched Vulnerability : CVE-2023-37154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - checkbyssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS. This has been...
SecureT2I: No More Unauthorized Manipulation on AI Generated Images from Prompts
Text-guided image manipulation with diffusion models enables flexible and precise editing based on prompts, but raises ethical and copyright concerns due to potential unauthorized modifications. To address this, we propose SecureT2I, a secure framework designed to prevent unauthorized editing in...
CVE-2025-34066
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...
BIT-HUBBLE-RELAY-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
The vulnerability of the SAP Permit to Work (PTW) security and labor protection system, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SAP Permit to Work PTW security and labor protection system is related to insufficient protection of operational data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...
GHSA-C4Q5-6C82-3QPW Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: It must be a WebFlux application It must be using Spring's static resources support It...