U.S. Dept Of Defense: Information Disclosure in API Endpoint /users

An endpoint /users was exposing sensitive user information, including id, first name, last name, email, role, and authdata, to unauthenticated users. This allowed anyone to retrieve private user details without authentication...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the rex-api-result parameter. An attacker can execute arbitrary scripts in the context of the user's browser session by crafting a malicious URL that injects JavaScript into the web page. Details...

Linux Distros Unpatched Vulnerability : CVE-2023-46841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature...

Linux Distros Unpatched Vulnerability : CVE-2022-36113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, makin...

Linux Distros Unpatched Vulnerability : CVE-2024-27322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling ...

Linux Distros Unpatched Vulnerability : CVE-2020-29511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allow...

Linux Distros Unpatched Vulnerability : CVE-2020-14040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the...

How to Create a Scan for Local File Inclusion

This whitepaper covers how to create a scan in Perl to identify different types of local file inclusion in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid local file...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

WordPress RateMyAgent Official plugin <= 1.4.0 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Dhabaleshwar Das in WordPress Plugin RateMyAgent Official versions = 1.4.0...

Incorrect Authorization

Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization that allows an attacker in...

CVE-2024-50689

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the orgService API model...

When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.

Published in 2019, the automslc package is a Python librarythat bypasses Deezer API restrictions to download music.The package was found to exfiltrate user data to a hardcoded server,which could be used for malicious purposes...

Microsoft .NET Remote Code Execution Vulnerability

The Microsoft .NET Framework is Microsoft's new development platform after Windows DNA, which runs in a system virtual machine and provides new functionality and development tools for Application Programming Interfaces APIs. A remote code execution vulnerability exists in Microsoft .NET, which ca...

CVE-2025-26979 WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.9.0...

Moderate: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Advisory ROSA-SA-2025-2716

Software: perl 5.26.3 OS: ROSA Virtualization 3.0 packageevrstring: perl-5.26.3 CVE-ID: CVE-2020-10878 BDU-ID: 2020-04040 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PLregkindOPn == NOTHING parameter of the Perl programming language interpreter is related to integer overflow. Exploitation of...

PT-2025-7660 · Sourcecodester · Sourcecodester Best Church Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.0 Description: A critical vulnerability was found in the software, affecting an unknown functionality of the file /admin/app/asset crud.php. The manipulation of the photo1 argument lead...

CVE-2024-46933

An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMFC4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access...

[SECURITY] Fedora 40 Update: python3.12-3.12.9-1.fc40

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...