28 matches found
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017532)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017532 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into...
Linux Distros Unpatched Vulnerability : CVE-2026-6907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary head...
CVE-2026-27934 Discourse leaks private topic title and post excerpt via user action API endpoint
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions...
ASB-A-465136263
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-27839
CVE-2026-27839 affects wger up to version 2.4, where three nutritional_values endpoints fetch objects via Model.objects.get(pk=pk) instead of using a user-scoped queryset. This allows any authenticated user to read another user’s private nutrition data (caloric intake and full macro breakdown) by...
Hono code issue vulnerabilities
Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.11.7 had code vulnerabilities. These vulnerabilities stemmed from information leaks in the caching middleware, which could potentially cache private or authenticated responses and expose them to...
CVE-2025-3950 Exposure of Private Personal Information to an Unauthorized Actor in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection...
XWiki view file macro: User can view content of office file without view rights on the attachment
Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...
EUVD-2023-34987
Malicious code in bioql PyPI...
EUVD-2023-58259
Malicious code in bioql PyPI...
CVE-2025-27149
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries E.g.,...
CVE-2025-27149
Zulip server before 10.0 has a data-export vulnerability (CVE-2025-27149) where export types for organization admins incorrectly included metadata such as user-agent identifiers for integrations and HTTP libraries, and in public data/with-consent exports exposed titles of topics in private channe...
Azure Linux 3.0 Security Update: opensc (CVE-2023-5992)
The version of opensc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5992 advisory. - A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channe...
Medium: openssl-snapsafe
Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...
CVE-2024-42364 homepage DNS rebinding vulnerability (GHSL-2024-096)
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will...
Fedora 38 : opensc (2024-b92d44f141)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...
AZL-34088 CVE-2023-5992 affecting package opensc for versions less than 0.23.0-3
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
The vulnerability of the Bluetooth component of the Android operating system, which allows a intruder to disclose protected information
The vulnerability of the Bluetooth component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to disclose protected information...
CVE-2023-2703
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07...
SUSE CVE-2017-1000099
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...