CVE-2026-3633

Summary: CVE-2026-3633 affects libsoup and enables CRLF/header/http request injection by an attacker who can control the method parameter in soup_message_new(). The flaw arises from inadequate escaping of the method value during request line construction, potentially allowing arbitrary headers or...

CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soupmessagenew function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF Carriage Return Line Feed injection, occurs because the method value is not properly...

PT-2026-24363

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.14.24 through 3.19.3 Description An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull reque...

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...

PT-2026-22736

Name of the Vulnerable Software and Affected Versions Step-Video-T2V affected versions not specified Description An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code. The issue is related to the /vae-api and /caption-api endpoints, specifically through the...

CVE-2025-57622

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...

CVE-2026-28411

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

CVE-2026-28411 WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from the unsafe use of the extract function on the $REQUEST superglobal variable, which could allow unverified...

EUVD-2024-21058

Malicious code in bioql PyPI...

EUVD-2024-54796

Malicious code in bioql PyPI...

EUVD-2022-55520

Malicious code in bioql PyPI...

EUVD-2023-31747

Malicious code in bioql PyPI...

EUVD-2025-7092

Malicious code in bioql PyPI...

CVE-2025-61584 serverless-dns is vulnerable to Command Injection through pr.yml GitHub Action Workflow

serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. Versions through abd including 0.1.30 have a vulnerability where the pr.yml GitHub Action interpolates in an unsafe manner untrusted input, specifically the...

SUSE CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

CVE-2022-50335 9p: set req refcount to zero to avoid uninitialized usage

In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from uninitialized request reference counting, which could lead to the use of uninitialized request data structur...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer to th...

CVE-2014-0511

creationtimestamp| type| source ---|---|--- 2025-08-31 03:01:32+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d 2025-08-31 03:13:09+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...