Linux Distros Unpatched Vulnerability : CVE-2022-3819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a...

CVE-2025-52856 VioStor

An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later...

CVE-2025-54542 Sending Password in GET Request

QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or...

CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutexlock check in hfsplusfreeextents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Call...

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

CVE-2024-42209

HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data...

CVE-2024-42209

HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data...

CVE-2024-42209

HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data...

CVE-2024-42209

CVE-2024-42209 affects HCL Connections and describes an information-disclosure vulnerability caused by improper handling of request data. The available documents identify the vulnerability class (information disclosure) and the affected product but do not provide explicit version ranges or a conf...

HCL Connections 安全漏洞

HCL Connections is a suite of enterprise collaboration platforms from HCL India. A security vulnerability exists in HCL Connections that stems from improper handling of request data, which could lead to access to unauthorized sensitive information...

OpenBlow Missing Headers

Multiple public deployments of the OpenBlow whistleblowing software lack critical HTTP security headers. These configurations expose users to client-side vulnerabilities including cross site scripting, clickjacking, API misuse, and referer leakage. Given the extreme sensitivity of users...

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

Security update for perl

This update for perl fixes the following issues: CVE-2025-40909: Do not change the current directory when cloning an open directory handle bsc1244079. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Technical Options for Flexible Hardware-Enabled Guarantees

Frontier AI models pose increasing risks to public safety and international security, creating a pressing need for AI developers to provide credible guarantees about their development activities without compromising proprietary information. We propose Flexible Hardware-Enabled Guarantees flexHEG,...

Disclosure Audits for LLM Agents

Large Language Model agents have begun to appear as personal assistants, customer service bots, and clinical aides. While these applications deliver substantial operational benefits, they also require continuous access to sensitive data, which increases the likelihood of unauthorized disclosures...

CVE-2024-35196

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

CVE-2015-1313

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request...

CVE-2024-53359

An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request...

Cross-site Scripting (XSS)

Overview org.webjars.npm:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the post.php script. An attacker can execute scripts in the context of the user's browser session by sendi...

DEBIAN-CVE-2024-13009

In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests...