1273 matches found
EUVD-2025-37957
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI (Java Naming and Directory Interface) injection. This issue is fixed in version 2.10.15...
MantisBT lacks verification when changing a user's email address
When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact: This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person'...
Agno session state overwrites between different sessions/users
Impact: Under certain conditions under high concurrency, when session_state is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed t...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Sensitive Information in Resource Not Removed Before Reuse (CVE-2024-49997)
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure. When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames...
GHSA-RGVH-4M82-FVJQ InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement
Impact: Any plugin using the GuiStorageElement is impacted when used on a server which allows the currently experimental Bundle items. Patches: Patched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 "backported" to 1.6.3-SNAPSHOT Update to...
Security update for python-python-socketio
This update for python-python-socketio fixes the following issues: CVE-2025-61765: fixed by using json, rather than pickle for serialization (bsc#1251193). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CVE-2025-62612
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1...
CVE-2025-61912
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...
BIT-VALKEY-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The...
CVE-2025-61776
Dependency-Track prior to version 4.13.5 is affected by a credential leakage vulnerability where credentials intended for a private NuGet repository can be sent to api.nuget.org via the HTTP Authorization header, and names/versions of internal components can be disclosed to api.nuget.org. This sc...
EUVD-2021-0511
Malware in sbrugna...
EUVD-2020-24579
Malware in sbrugna...
EUVD-2020-0218
Malware in sbrugna...
EUVD-2021-1494
Malware in sbrugna...
EUVD-2021-0268
Malware in sbrugna...
EUVD-2021-12064
Malware in sbrugna...
EUVD-2019-10365
Malware in sbrugna...
EUVD-2021-16069
Malware in sbrugna...
EUVD-2021-0352
Malware in sbrugna...
EUVD-2021-15786
Malware in sbrugna...