14 matches found
PT-2026-24718
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 3.6.10. Description: Traefik is an HTTP reverse proxy and load balancer. A tenant with write access to an HTTPRoute resource can inject rule tokens into Traefik’s router rule language through unsanitized header or query...
Fastify Middie Middleware Path Bypass
Summary: A security vulnerability exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., /%61dmin instead of /admin). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify...
EUVD-2025-36173
An issue was discovered in eTimeTrackLite Web through 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations...
PT-2025-43951
An issue was discovered in eTimeTrackLite Web through 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations...
EUVD-2024-45561
Malicious code in bioql PyPI...
EUVD-2024-32958
Malicious code in bioql PyPI...
CVE-2025-34202
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment, or an attacker able to add routes using the appliance as a...
Missing Authorization
Overview: typo3/cms-workspaces is a TYPO3 component for workflows with custom stages and versioning for a better editing and publishing experience. Affected versions of this package are vulnerable to Missing Authorization in the Workspace Module's AJAX backend route. An authenticated attacker can...
CVE-2025-47941 TYPO3 Has Broken Authentication in Backend MFA
TYPO3 is an open source, PHP-based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access...
GHSA-48CQ-79QQ-6F7X Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Impact: This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and anyon...
SUSE CVE-2021-32746
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the doc module of Icinga Web 2 allows viewing documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permissio...
PT-2022-8501 · Quickedit · Quickedit
Name of the Vulnerable Software and Affected Versions: QuickEdit module (affected versions not specified). Description: The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues...
DRUPAL-CORE-2021-007
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the...
CVE-2019-0002
On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group. Affected releases are...