
62 matches found

CNNVD
•added 2026/05/12 12:0 a.m.•4 views

ciguard security vulnerability

Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.6.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the SCA HTTP client’s use of json.loads without setting a maximum byte limit, which can...

CVSS 3.7 • AI score 5.8 • EPSS 0.00016
Exploits: 0 • References: 2
Patchstack
•added 2026/04/17 9:57 a.m.•2 views

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability discovered by Prickly Cactus in WordPress Plugin FluentForm...

CVSS 5.3 • AI score 5.8 • EPSS 0.00021
Exploits: 0 • References: 1 • Affected Software: 1
CVE
•added 2026/04/16 1:27 p.m.•3 views

CVE-2026-4160

The CVE-2026-4160 entry concerns the WordPress Fluent Forms plugin (versions up to 6.1.21). Affected component: Stripe SCA confirmation AJAX endpoint handling a submission_id parameter. Root cause: missing authorization and ownership validation on a user-controlled key enables Insecure Direct Obj...

CVSS 5.3 • AI score 5.8 • EPSS 0.00021
Exploits: 0 • References: 2
Positive Technologies
•added 2026/04/16 12:0 a.m.•0 views

PT-2026-33318

Name of the Vulnerable Software and Affected Versions: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder versions prior to 6.1.22. Description: An Insecure Direct Object Reference (IDOR) exists due to missing authorization and ownership validation on a user...

CVSS 5.3 • AI score 5.8 • EPSS 0.00021
Exploits: 0 • References: 6
EUVD
•added 2026/03/17 6:41 p.m.•1 views

EUVD-2026-12623

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (wazuh-analysisd). The use of sprintf with a...

CVSS 4.9 • AI score 6.3 • EPSS 0.0018
Exploits: 1 • References: 1
ATTACKERKB
•added 2026/03/17 6:41 p.m.•1 views

CVE-2026-25790

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (wazuh-analysisd). The use of sprintf with a...

CVSS 4.9 • AI score 6.3 • EPSS 0.0018
Exploits: 1 • References: 2 • Affected Software: 1
RedhatCVE
•added 2025/12/07 6:56 a.m.•4 views

CVE-2025-13748

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

CVSS 5.3 • AI score 6 • EPSS 0.00063
Exploits: 0 • References: 1
EUVD
•added 2025/11/22 12:31 a.m.•2 views

EUVD-2025-198515

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4 • AI score 6.2 • EPSS 0.00031
Exploits: 0 • References: 2
Vulnrichment
•added 2025/11/21 9:30 p.m.•9 views

CVE-2025-0504 Black Duck SCA Project Privilege Escalation

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4 • AI score 6.3 • EPSS 0.00031
Exploits: 0 • References: 1
Cvelist
•added 2025/11/21 9:30 p.m.•4 views

CVE-2025-0504 Black Duck SCA Project Privilege Escalation

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

CVSS 5.4 • EPSS 0.00031
Exploits: 0 • References: 1
EUVD
•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-2268

Malware in sbrugna...

CVSS 9.8 • AI score 9.2 • EPSS 0.0276
Exploits: 1 • References: 2
EUVD
•added 2025/10/03 8:7 p.m.•2 views

EUVD-2021-34011

Malicious code in bioql PyPI...

CVSS 5.5 • AI score 5.5 • EPSS 0.00118
Exploits: 0 • References: 7
RedhatCVE
•added 2025/05/23 3:9 a.m.•2 views

CVE-2023-21197

In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.5 • AI score 6 • EPSS 0.00799
Exploits: 0 • References: 1
NVD
•added 2024/11/12 6:15 p.m.•9 views

CVE-2024-51720

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number...

CVSS 4.8 • EPSS 0.00229
Exploits: 0 • References: 1
Vulnrichment
•added 2024/11/12 6:1 p.m.•13 views

CVE-2024-51720 Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number...

CVSS 4.8 • AI score 6.8 • EPSS 0.00229
Exploits: 0 • References: 1
OSV
•added 2024/06/15 12:0 a.m.•10 views

OPENSUSE-SU-2024:11371-1 sca-patterns-sle15-1.0.8-2.2 on GA media

These are all security issues fixed in the sca-patterns-sle15-1.0.8-2.2 package on the GA media of openSUSE Tumbleweed...

CVSS 10 • AI score 7.4 • EPSS 0.9438
Exploits: 81 • References: 5
OSV
•added 2024/06/15 12:0 a.m.•20 views

OPENSUSE-SU-2024:11369-1 sca-patterns-sle11-1.3.5-1.2 on GA media

These are all security issues fixed in the sca-patterns-sle11-1.3.5-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 5.5 • AI score 6.8 • EPSS 0.00481
Exploits: 0 • References: 1
The Hacker News
•added 2024/06/07 11:9 a.m.•12 views

Cyber Landscape is Evolving - So Should Your SCA

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic instrumen...

AI score 7.5
Exploits: 0
The Hacker News
•added 2024/05/20 10:57 a.m.•12 views

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days...

AI score 7.6
Exploits: 0
GithubExploit
•added 2024/01/28 8:3 p.m.•707 views

Exploit for Deserialization of Untrusted Data in Alibaba Fastjson

json.org CVE-2022-45688 true & false positive WTF ?? The p...

CVSS 9.8 • AI score 7.7 • EPSS 0.88936
Exploits: 9