13 matches found
Pterodactyl has a database resource limit bypass via race condition in Client API
Summary: The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details: Inside DatabaseController.php, the...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary: IBM Maximo Application Suite - IoT Component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl, cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl, pyasn1-0.6.2-py3-none-any.whl, requests-2.32.5-py3-none-any.whl, bcprov-jdk18on-1.83.jar, pygments-2.19.2-py3-none-any.whl,...
Ubuntu: Security Advisory (USN-8175-1)
The remote host is missing an update for the...
MiracleLinux 8 : kernel-4.18.0-477.13.1.el8_8 (AXSA:2023-6202:19)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6202:19 advisory. kernel: netfilter: use-after-free in nftables when processing batch requests can lead to privilege escalation (CVE-2023-32233). Tenable has extracted the...
EUVD-2020-2541
Malware in sbrugna...
EUVD-2004-0428
Malware in sbrugna...
EUVD-2023-2618
Malicious code in bioql PyPI...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0. Vulnerability Details: CVEID: CVE-2024-35195. DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cer...
CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-1247 Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...
SUSE-SU-2023:4607-1 Security update for python3-Twisted
This update for python3-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests (bsc#1216588)...
Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
source: https://www.securityfocus.com/bid/1056/info WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser. Insufficient boundary checking exists in the code which handles GET requests, specifically on port 1080...