MAL-2026-3413 Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

PT-2026-29025

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST PLAYER APPLICATION SETTING ATTRIBUTES and LIST PLAYER APPLICATION SETTING VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired...

CVE-2022-30727

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space...

VulnCheck KEV: CVE-2020-27986

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it...

CVE-2020-27986

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it...

PT-2020-16890 · Sonarsource · Sonarqube

Name of the Vulnerable Software and Affected Versions: SonarQube version 8.4.2.36762 Description: The issue allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the "api/settings/values" URI. The vendor's position is that it is the administrator's responsibility to...