CVE-2022-31669
Harbor (the open‑source registry) contains an authorization flaw in its tag immutability policy API. The vulnerability occurs when updating a tag immutability policy, where a request may specify a policy in a project the authenticated user cannot access, enabling modification of policies in other...
CVE-2022-31666
Harbor vulnerability CVE-2022-31666 involves failure to validate user permissions when managing Webhook policies. The issue allows authenticated users to view, update, or delete Webhook policies belonging to other users or projects, potentially enabling modification of policies configured in othe...
CVE-2023-4134
The CVE-2023-4134 issue affects the Linux kernel cyttsp4_core driver. A use-after-free occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue, enabling a local attacker to crash the system and cause a denial of service. The provided documents cons...
CVE-2024-4741
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
CVE-2024-31880
CVE-2024-31880: IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to DoS under certain configurations when authenticated users send a crafted SQL statement, potentially crashing the server. Connected IBM bulletins/CPD advisories tie this set to IBM Db2...
CVE-2024-22032
CVE-2024-22032: Rancher’s RKE1 deployment keeps reconciling when secrets encryption is enabled, causing Kube API secret values to be written in plaintext in the cluster AppliedSpec. Affected environments include RKE1 clusters managed by Rancher; RBAC users with cluster or project scope can view t...
CVE-2024-22029
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root...
CVE-2023-32196
CVE-2023-32196 describes a privilege-escalation risk in Rancher where RoleTemplate objects with external=true may bypass checks, enabling escalation in specific scenarios. The issue affects Rancher/Rancher Manager components that manage RoleTemplate resources (CRD-backed objects) and is tied to ...
CVE-2023-32193
CVE-2023-32193 corresponds to unauthenticated XSS in Rancher’s Norman public API endpoint (public API of rancher/norman). Root cause indicated by sources is insufficient input/URL validation in the API parsing (ParseRequestURL), enabling an attacker to inject/script and potentially execute comman...
CVE-2023-32192
The CVE-2023-32192 issue affects Rancher API Server (apiserver). Reported as an unauthenticated Cross-Site Scripting (XSS) vulnerability in the public API endpoint. Root cause described in connected sources as improper URL handling in ParseRequestURL within the apiserver, enabling arbitrary JavaS...
CVE-2023-22650
This CVE concerns Rancher not automatically cleaning up deleted/disabled users from the configured authentication provider, leaving tokens usable and potentially granting continued access. Concrete details from connected sources show the issue affects Rancher and involves user accounts that persi...
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive...
CVE-2024-32608
The CVE-2024-32608 entry applies to the HDF5 library up to version 1.14.3, where memory corruption in H5A__close can corrupt the instruction pointer and lead to denial of service or potential code execution. Public references indicate a fix in HDF5 1.14.4, so upgrading to 1.14.4 or later mitigate...
CVE-2023-46586
The CVE affects the Weborf web server implementation (cgi.c) prior to version 1.0. The root cause is a misused strncpy that fails to terminate CGI script paths with a null character, leaving input paths unterminated. This impacts Weborf releases before 1.0 across reported versions (0.17–0.20). Pr...
CVE-2023-37154
CVE-2023-37154 affects Nagios nagios-plugins 2.4.5, where check_by_ssh allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. The issue is noted as categorized both as fixed in commit e8810de and as intended behavior; exploitation details are not pr...
CVE-2023-36325
CVE-2023-36325 affects i2p before 2.3.0 (Java). A correlation attack during a tunneled, replayed message with a behavior discrepancy can de-anonymize the public IPv4 and IPv6 addresses of i2p hidden services (eepsites). Impact is de-anonymization; attack would take days to complete. Affected vers...
CVE-2023-45361
The CVE-2023-45361 issue affects MediaWiki’s Vector Skin (VectorComponentUserLinks.php) in versions prior to 1.39.5 and 1.40.x prior to 1.40.1. The root cause is that MalformedTitleException is uncaught when a vector-intro-page title is invalid, which can lead to incorrect web pages being produce...
CVE-2023-45359
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...
CVE-2023-46586
cgi.c in weborf 0.17, 0.18, 0.19, and 0.20 before 1.0 lacks '\0' termination of the path for CGI scripts because strncpy is misused...
CVE-2022-25775
CVE-2022-25775 affects Mautic, specifically the Reports bundle. The vulnerability is an SQL injection in dynamic Reports, allowing an authenticated, logged-in user to retrieve and alter data, potentially exposing sensitive information, compromising credentials, and, depending on database permissi...