20 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-2726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have...
CVE-2026-27707
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configure...
EUVD-2025-34130
Malicious code in company-request-access npm...
Malicious Package
Overview company-request-access is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in company-request-access (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e49052755a86ef81d8b6c55e055db2639127cd68573b30d2725ed12e8e0d61ea Any computer that has this package installed or running should be considered...
MAL-2025-48408 Malicious code in company-request-access (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e49052755a86ef81d8b6c55e055db2639127cd68573b30d2725ed12e8e0d61ea Any computer that has this package installed or running should be considered...
EUVD-2024-2322
Malicious code in bioql PyPI...
EUVD-2022-3114
Malicious code in bioql PyPI...
CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0
An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download...
CVE-2025-1501 Incorrect authorization for traces request/download in CMC before 25.1.0
An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download...
CVE-2024-55082
A Server-Side Request Forgery SSRF in the endpoint http://your-server/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
Monkeytype 安全漏洞
Monkeytype is a minimalist and customizable typing test open-sourced by Monkeytype. A security vulnerability exists in versions of Monkeytype prior to 24.30.0, which stems from vulnerability to a code injection attack, where an attacker is able to gain pull request write access...
PT-2024-29282 · Unknown · Monkeytype
Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 24.30.0 Description: The issue concerns a Poisoned Pipeline Execution through Code Injection in the ci-failure-comment.yml GitHub Workflow of Monkeytype. This vulnerability allows attackers to gain pull-requests...
GitLab 安全漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab after version...
CVE-2020-14716
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
Ispirithalaya Hospital Management System 0.1.2 Database Configuration Disclosure
Exploit Title : Ispirithalaya Hospital Management System 0.1.2 Database Config Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : freeehospital.com Software Download Link :...
tomcat: Calls to application listeners did not use the appropriate facade object
A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web...
Request access to this page. userFullName can be modified.
Steps to reproduce: 1.-Create a page and grant permissions only for you 2.-Modify this url to point to your pageId https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3.- You will be asked to grant Scott Farquhar...
PT-2014-2868 · D Link · D-Link Dir-505L Shareport Mobile Companion +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-505L SharePort Mobile Companion version 1.01 D-Link DIR-826L Wireless N600 Cloud Router version 1.02 Description: The issue allows remote attackers to bypass authentication via a direct request when an authorized session is active...