
22 matches found

EUVD
added 2026/04/06 3:46 p.m. | 1 view

EUVD-2026-19352

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...

CVSS 2.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-58959

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 9:51 a.m. | 5 views

CVE-2024-7554

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...

CVSS 6.5 | AI score 6.6 | EPSS 0.00046
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:28 a.m. | 6 views

CVE-2024-39694

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it t...

CVSS 4.7 | AI score 6.6 | EPSS 0.00141
Exploits: 0

RedhatCVE
added 2025/05/22 10:31 p.m. | 5 views

CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

CVSS 5 | AI score 6.8 | EPSS 0.00382
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/15 3:17 p.m. | 6 views

CVE-2025-30159

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the snippet() helper or $kirby->snippet() method with a dynamic snippet name such as a snippet name that depends on request or user data. Sites that onl...

CVSS 9.1 | AI score 6.8 | EPSS 0.00869
Exploits: 1 | References: 1

CVE
added 2025/04/30 2:54 p.m. | 60 views

CVE-2025-32972

Vulnerability summary (CVE-2025-32972) : XWiki is affected in versions 6.1-milestone-1 to before 15.10.12, 16.0.0-rc-1 to before 16.4.3, and 16.5.0-rc-1 to before 16.8.0-rc-1. The issue is in the script API of the LESS compiler where it incorrectly checks rights when invoking the cache cleaning A...

CVSS 5.3 | AI score 3.7 | EPSS 0.00096
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/04/15 7:9 p.m. | 11 views

CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...

CVSS 8.3 | EPSS 0.01158
Exploits: 0 | References: 1

NVD
added 2025/03/06 7:15 p.m. | 8 views

CVE-2025-24796

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...

CVSS 6.3 | EPSS 0.00112
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 3:55 a.m. | 5 views

CVE-2021-39180

OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user, e.g. the tomcat user. Depending...

CVSS 9 | AI score 7.4 | EPSS 0.01222
Exploits: 0 | References: 1

OSV
added 2024/10/22 12:6 p.m. | 67 views

BIT-PYTHON-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 | AI score 6.5 | EPSS 0.00161
Exploits: 1 | References: 47

Hacker One
added 2024/05/26 9:31 a.m. | 6 views

Internet Bug Bounty: Possible DoS Vulnerability with Range Header in Rack

A potential denial-of-service vulnerability was discovered in the Rack web server interface for Ruby. The vulnerability was assigned the CVE identifier CVE-2024-26141 and affected versions of Rack 1.3.0 and later. The vulnerability was caused by carefully crafted Range request headers, which coul...

CVSS 7.5 | AI score 6.5 | EPSS 0.0041
Exploits: 1

Vulnrichment
added 2023/03/04 12:30 a.m. | 7 views

CVE-2023-26481 Insufficient user check in FlowTokens by Email stage

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

CVSS 9.1 | AI score 9.3 | EPSS 0.00086
Exploits: 0 | References: 2

0day.today
added 2022/04/07 12:0 a.m. | 273 views

Moodle Pre-Auth Remote Code Execution 0day Exploit

The exploit allows remote code execution, works with default installations and should not require any authentication or user interaction. 0day exploit affecting recent versions of Moodle...

AI score 5.8
Exploits: 0

OSV
added 2021/11/09 8:52 a.m. | 5 views

ALBA-2021:4258 new packages: gcc-toolset-11-annobin

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-11-annobin packages to AlmaLinux For instructions on usage, see Using GCC Toolset linked from...

AI score 6.7
Exploits: 0

OSV
added 2020/11/03 12:39 p.m. | 5 views

ALBA-2020:4834 new packages: gcc-toolset-10-systemtap

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-10-systemtap packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using G...

AI score 7
Exploits: 0 | References: 1

AlmaLinux
added 2020/11/03 12:35 p.m. | 14 views

new packages: gcc-toolset-10-annobin

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-10-annobin packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

AI score 3
Exploits: 0

AlmaLinux
added 2020/04/28 9:10 a.m. | 7 views

gcc-toolset-9-strace bug fix and enhancement update

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documente...

AI score 2.6
Exploits: 0 | References: 1

AlmaLinux
added 2019/11/05 5:47 p.m. | 13 views

new packages: gcc-toolset-9-dyninst

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-dyninst packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

AI score 3
Exploits: 0 | References: 1

Cvelist
added 2017/04/06 10:0 p.m. | 16 views

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials such as the username of energetic and password of wireless meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in...

AI score 9.4 | EPSS 0.00345
Exploits: 0 | References: 1