Astra Linux - уязвимость в tomcat9

Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1...

GHSA-R5RP-J6WH-RVV4 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

Summary A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...

Cross-site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to internationalization of security-sensitive attributes bypassing Angular’s sanitization when combined with untrusted data binding, which allows an attacker to inject malicious scripts...

UBUNTU-CVE-2026-32635

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting XSS vulnerability has been identified in the Angular runtime and compiler. It occurs whe...

EUVD-2005-0299

Malware in sbrugna...

EUVD-2007-2740

Malware in sbrugna...

EUVD-2016-6037

Malware in sbrugna...

EUVD-2010-5053

Malware in sbrugna...

EUVD-2019-8653

Malware in sbrugna...

EUVD-2021-0808

Malware in sbrugna...

EUVD-2025-0014

Malicious code in bioql PyPI...

EUVD-2023-2367

Malicious code in bioql PyPI...

UUID/GUID Version 1 Detected

This is an informational plugin to inform the user that the scanner has detected a UUID/GUID version 1. UUID/GUID version 1 contains the MAC address of the computer that generated it, as well as a timestamp. This means that if an attacker can obtain a UUID/GUID version 1, they can infer host...

CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information...

CVE-2025-53886

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

CVE-2022-32896

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat [CVE-2025-24813]

Summary IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat, due to a Path Equivalence issue with 'file.Name' Internal Dot CVE-2025-24813. Apache Tomcat is used in our Speech microservices. This...

CVE-2025-31490

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardenin...

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...