19 matches found
Debian dla-4578 : rails - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/...
EUVD-2023-49456
Malicious code in bioql PyPI...
EUVD-2025-18667
Malicious code in bioql PyPI...
EUVD-2025-16143
Malicious code in bioql PyPI...
BIT-TOMCAT-2025-49125 Apache Tomcat: Security constraint bypass for pre/post-resources
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...
CVE-2024-52519
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-45297
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known...
SonicWall SMA1000 Encoded URL SSRF Vulnerability
A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.IMPORTANT: SonicWall PSIRT strongly advises...
GHSA-29M8-WH9P-5WC4 Apache Kylin Code Injection via JDBC Configuration Alteration
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-25295
Summary: CVE-2025-25295 affects Label Studio and its SDK with a path traversal vulnerability in VOC/COCO/YOLO exports. The root cause is improper file path validation in the label-studio-sdk download function, which processes image references during task exports and can read arbitrary server file...
Important: tomcat9
Issue Overview: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through...
PT-2024-14507 · Unknown · Streampark-Console
Name of the Vulnerable Software and Affected Versions: streampark-console versions prior to 2.1.4 Description: The issue arises from the lack of validation of the sort field sent from the front-end to the back-end, which is used to generate SQL queries. This poses a risk of SQL injection,...
PT-2023-29859 · Fides · Fides
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.22.1 Description: The Fides web application allows users to edit consent and privacy notices, such as cookie banners. A vulnerability exists where a crafted payload in the privacy policy URL can trigger JavaScript...
JSA10402 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Multiple Web-based CGI and Cross Site Scripting (XSS) vulnerabilities.
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI and Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Internal path was displayed in some error...
CVE-2023-0240
There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...
DSA-597-1 cyrus-imapd - buffer overflow
Bulletin has no description...
DSA-565-1 sox - buffer overflows
Bulletin has no description...
DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
Bulletin has no description...
DSA-154 fam - privilege escalation
Bulletin has no description...