Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities
Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...
MiracleLinux 7 : mercurial-2.6.2-10.el7 (AXSA:2019-4114:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4114:01 advisory. mercurial: Buffer underflow in mpatch.c:mpatchapply CVE-2018-13347 mercurial: HTTP server permissions bypass CVE-2018-1000132 mercurial: Missing che...
CVE-2025-40838 Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client, which, if exploited, can lead to unauthorized disclosure of certain information...
CVE-2025-32395
CVE-2025-32395 affects Vite (frontend tooling for JavaScript). The vulnerability arises when a dev server is exposed to the network on Node/Bun (not Deno) and a request-target containing a # is processed, bypassing server.fs.deny due to req.url handling. Affected versions prior to 6.2.6, 6.1.5, 6...
Vite bypasses server.fs.deny when using ?raw??
Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or...
CVE-2024-23331
Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...
GL.iNet Multiple Products Operating System Command Injection Vulnerability
GL.iNet MT6000 and others are routers from China's GL.iNet. An operating system command injection vulnerability exists in several GL.iNet products. The vulnerability stems from the fact that NGINX authentication can be bypassed via Lua string pattern matching, which can be exploited by an...
Nexxt Nebula 1200-AC Security Vulnerability
The Nexxt Nebula 1200-AC is a wireless router from Nexxt USA. A security vulnerability exists in the Nexxt Nebula 1200-AC version 15.03.06.60, which originates from using the HTTPD service to enable TELNET to bypass authentication and command execution...
SUSE CVE-2016-6629
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x...
Garage Management System 1.0 Cross Site Scripting
Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...
CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
Libssh Server-Side Authentication Bypass Vulnerability
libssh is a C library that implements the SSH2 protocol. An authentication bypass vulnerability exists on the server side of libssh. By providing the SSH2_MSG_USERAUTH_SUCCESS message to the server in place of the SSH2_MSG_USERAUTH_REQUEST message that the server normally initiates authentication with,...
Ian Dunn: xmlrpc.php FILE IS enable on Main website
The domain contains XMLRPC activated which can cause serious damage to your server and website. Admin panel can be easily bypassed and also can cause heavy DDOS that can take down the entire server. Just a simple fix can resolve the issue. Secure your site :...
CVE-2017-9946
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions V3.5. An attacker with network access to the integrated web server 80/tcp and 443/tcp could bypass the authentication and download sensitive information from the device...
CVE-2016-6629
CVE-2016-6629 affects phpMyAdmin through the configuration directive $cfg['ArbitraryServerRegexp'], enabling an attacker to reuse certain cookie values to bypass server restrictions defined by ArbitraryServerRegexp. Affected are 4.6.x versions before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before...
CVE-2016-6629
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x...