
5335 matches found

CISA KEV Catalog
added 2025/05/01 12:0 a.m. | 35 views

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code...

CVSS 9.1 | AI score 7.4 | EPSS 0.99957
In wild | Exploits 1
IBM Security Bulletins
added 2025/04/29 2:5 a.m. | 18 views

Security Bulletin: IBM Security Verify Information Queue discloses sensitive information in source code (CVE-2021-20407)

Summary: The source code for a Node.js package used by IBM Security Verify Information Queue (ISIQ) includes the email address of one of the developers of the package. As of v10.0.0, ISIQ is now hiding this sensitive information. Vulnerability Details: CVEID: CVE-2021-20407. DESCRIPTION: IBM Security...

CVSS 7.5 | AI score 7.5 | EPSS 0.00655
Exploits 0 | Affected Software 1
Packet Storm News
added 2025/04/21 12:0 a.m. | 4 views

GRAudit Grep Auditing Tool 3.8

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very...

AI score 7.1
Exploits 0
Packet Storm News
added 2025/04/17 12:0 a.m. | 3 views

Wireshark Analyzer 4.4.6

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

AI score 7
Exploits 0
OSV
added 2025/04/15 8:39 p.m. | 6 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

CVSS 2.2 | AI score 6.8 | EPSS 0.00313
Exploits 1 | References 4
HackRead
added 2025/04/15 7:39 p.m. | 178 views

4chan Breached? Hacker from Rival Soyjak Forum Claims Source Code Leak

UPDATE: Hackread.com has reviewed internal Discord chat logs from 4chan's Discord server, which confirm the breach...

AI score 7.3
Exploits 0
OSV
added 2025/04/14 11:3 a.m. | 7 views

BIT-GIT-2024-52005 The sideband payload is passed unfiltered to the terminal in git

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

CVSS 8.8 | AI score 8.3 | EPSS 0.00494
Exploits 1 | References 3
Tenable Nessus
added 2025/04/11 12:0 a.m. | 20 views

EulerOS 2.0 SP11 : git (EulerOS-SA-2025-1355)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the...

CVSS 9.3 | AI score 7.7 | EPSS 0.10047
Exploits 3 | References 4
OpenVAS
added 2025/04/11 12:0 a.m. | 7 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1355)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.3 | EPSS 0.01019
Exploits 1 | References 2
OpenVAS
added 2025/04/11 12:0 a.m. | 6 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1356)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.3 | EPSS 0.01019
Exploits 1 | References 2
CNNVD
added 2025/04/08 12:0 a.m. | 2 views

Security vulnerability in multiple Vivotek products

Vivotek ND8422P and others are network cameras from China VIVOTEK Communications (Vivotek). A security vulnerability exists in various Vivotek products, which stems from sensitive information being included in the source code. The following products are affected: Vivotek ND8422P,...

CVSS 5.1 | AI score 3.9 | EPSS 0.00312
Exploits 0 | References 5
Cvelist
added 2025/04/07 2:44 p.m. | 13 views

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

CVSS 5.5 | EPSS 0.00219
Exploits 0 | References 2
RedhatCVE
added 2025/04/05 5:24 p.m. | 23 views

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVSS 3.3 | AI score 7.1 | EPSS 0.00375
Exploits 0 | References 1
NVD
added 2025/04/03 5:15 p.m. | 22 views

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVSS 3.3 | EPSS 0.00375
Exploits 0 | References 1
OSV
added 2025/04/03 5:15 p.m. | 6 views

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVSS 3.3 | AI score 5.8 | EPSS 0.00375
Exploits 0 | References 1
CVE
added 2025/04/03 4:48 p.m. | 73 views

CVE-2025-32054

CVE-2025-32054 affects JetBrains IntelliJ IDEA prior to 2024.3, including 2024.2.4. The issue is a logging vulnerability where source code could be written to the idea.log file, potentially exposing sensitive information. The root cause is that certain source code content is logged during normal ...

CVSS 3.3 | AI score 7.3 | EPSS 0.00375
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/04/03 4:48 p.m. | 24 views

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVSS 3.3 | EPSS 0.00375
Exploits 0 | References 1
Vulnrichment
added 2025/04/03 4:48 p.m. | 9 views

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVSS 3.3 | AI score 7.3 | EPSS 0.00375
Exploits 0 | References 1
OSV
added 2025/04/03 2:14 p.m. | 4 views

BIT-JOOMLA-2022-23794 [20220302] - Core - Path Disclosure within filesystem error messages

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application...

CVSS 5.3 | AI score 5.5 | EPSS 0.00871
Exploits 0 | References 2
Amazon
added 2025/04/01 12:0 a.m. | 23 views

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

CVSS 9.8 | AI score 8.9 | EPSS 0.99945
Exploits 47