61 matches found
Malicious code in zeppelin-nymph-wpa677-project (npm)
The package zeppelin-nymph-wpa677-project was found to contain malicious code...
Malicious code in lilypad-hammock-cnr879-project (npm)
The package lilypad-hammock-cnr879-project was found to contain malicious code...
Malicious code in lilypad-butterfly-qzq971-project (npm)
The package lilypad-butterfly-qzq971-project was found to contain malicious code...
Malicious code in everest-delta-sco019-project (npm)
The package everest-delta-sco019-project was found to contain malicious code...
Malicious code in vortex-dragon-qps375-project (npm)
The package vortex-dragon-qps375-project was found to contain malicious code...
MAL-2025-40052 Malicious code in xylophone-myth-wbx282-project (npm)
The package xylophone-myth-wbx282-project was found to contain malicious code...
MAL-2025-32717 Malicious code in saturn-quasar-uss495-project (npm)
The package saturn-quasar-uss495-project was found to contain malicious code...
CVE-2025-50486
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack...
PT-2025-26760 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1 Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This...
CVE-2016-20003
The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Linux Distros Unpatched Vulnerability : CVE-2023-38497
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
BIT-GITLAB-2024-3976 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to...
CVE-2024-3976 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to...
Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
CVE-2025-23027
CVE-2025-23027 affects the next-forge Next.js boilerplate. The root cause is a BASEHUB_TOKEN committed in apps/web/.env.example, exposing credentials and potentially granting unauthorized access if the token is active. Public references (NVD/Red Hat/OSV and others) describe the issue in terms of ...
Moderate: Red Hat Security Advisory: containernetworking-plugins security update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
WebOb's location header normalization during redirect leads to open redirect
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...
PT-2024-05: Remote Code Execution when creating a project from a git repository in PT Application Inspector (PT AI)
The vulnerability was identified in PT AI affecting versions 4.3.1 to 4.7.2. The vulnerability can be exploited by an attacker with network access to the PT AI control server to remotely execute code on the control server. Exploitation of the vulnerability requires authorization of the "project...
Improper Access Control
github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability is due to improper cleanup of roleBindings associated with a user or group when they are removed from a project, allowing former members to continue creating, updating, reading, and deleting namespaces in that...
GitLab 14.0 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0456)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that th...