
5335 matches found

Tenable Nessus
added 2025/03/25 12:0 a.m. | 13 views

CBL Mariner 2.0 Security Update: emacs (CVE-2024-53920)

The version of emacs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53920 advisory. - In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code...

CVSS 7.8 | AI score 8.1 | EPSS 0.00526
Exploits: 0 | References: 2

OSV
added 2025/03/21 12:15 p.m. | 4 views

AZL-58951 CVE-2025-2588 affecting package augeas for versions less than 1.12.0-6

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function recaseexpand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been...

CVSS 3.3 | AI score 4.7 | EPSS 0.00241
Exploits: 1 | References: 1

Packet Storm
added 2025/03/07 12:0 a.m. | 361 views

Apache ActiveMQ 5.3.2 Source Code Disclosure

Apache ActiveMQ version 5.3.2 source code disclosure proof of concept exploit that demonstrates an issue discovered in 2010. ...

CVSS 5 | AI score 7.4 | EPSS 0.78018
Exploits: 6

Tenable Nessus
added 2025/03/06 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-52005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git...

CVSS 8.8 | AI score 7.2 | EPSS 0.00494
Exploits: 1 | References: 4

Amazon
added 2025/03/06 12:0 a.m. | 7 views

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

CVSS 9.1 | AI score 7.3 | EPSS 0.03092
Exploits: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-42574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

CVSS 8.3 | AI score 7 | EPSS 0.12205
Exploits: 4 | References: 3

Packet Storm
added 2025/03/04 12:0 a.m. | 265 views

Apache ActiveMQ 5.3.1 Source Code Disclosure

Proof of concept exploit that demonstrates a source code disclosure vulnerability in Apache ActiveMQ version 5.3.1. ...

CVSS 5 | AI score 7 | EPSS 0.78018
Exploits: 6

RedhatCVE
added 2025/03/02 12:22 a.m. | 4 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password...

CVSS 6.5 | AI score 6.4 | EPSS 0.00398
Exploits: 1 | References: 1

NVD
added 2025/02/28 11:15 p.m. | 12 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password...

CVSS 6.5 | EPSS 0.00398
Exploits: 1 | References: 1

Vulnrichment
added 2025/02/28 12:0 a.m. | 3 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password...

AI score 6.7 | EPSS 0.00398
Exploits: 1 | References: 1

CNNVD
added 2025/02/28 12:0 a.m. | 3 views

SysPass Security Vulnerability

SysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in SysPass version 3.2.x. The vulnerability stems from the file upload feature not handling special characters correctly, resulting in a source code leak...

CVSS 6.5 | AI score 7.2 | EPSS 0.00398
Exploits: 1 | References: 3

Cvelist
added 2025/02/28 12:0 a.m. | 12 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password...

EPSS 0.00398
Exploits: 1 | References: 1

CVE
added 2025/02/28 12:0 a.m. | 111 views

CVE-2025-25478

The CVE-2025-25478 issue affects Syspass 3.2.x and stems from the account file upload feature mishandling special characters in filenames. This mismanagement can disclose the web application’s source code and sensitive data (e.g., database password). Multiple sources corroborate the vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00398
Exploits: 1 | References: 1 | Affected Software: 1

Securelist
added 2025/02/24 9:26 a.m. | 59 views

The GitVenom campaign: cryptocurrency theft using GitHub

In our modern world, it's difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. Very...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2025/02/24 12:0 a.m. | 6 views

FreeBSD : Emacs -- Shell injection vulnerability (7ba6c085-1590-491a-98ce-5452646b196f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ba6c085-1590-491a-98ce-5452646b196f advisory. An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Li...

CVSS 7.8 | AI score 8.1 | EPSS 0.00526
Exploits: 0 | References: 3

OSV
added 2025/02/21 10:15 p.m. | 3 views

GHSA-52XF-H226-PFGX Leantime allows Reflected Cross-Site Scripting (XSS)

Summary The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation...

CVSS 5.9 | AI score 6.3
Exploits: 0 | References: 2

Schneier on Security
added 2025/02/20 12:1 p.m. | 5 views

An LLM Trained to Create Backdoors in Code

Scary research: "Last weekend I trained an open-source Large Language Model LLM, 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...

AI score 7.5
Exploits: 0

OSV
added 2025/02/19 3:15 p.m. | 1 views

CVE-2024-52902

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system...

CVSS 8.8 | AI score 5.8 | EPSS 0.00335
Exploits: 0 | References: 1

CVE
added 2025/02/19 2:50 p.m. | 54 views

CVE-2024-52902

IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0 contain hard-coded database passwords in the client application, enabling unauthorized access if exploited. Remediation: upgrade Cognos Controller to 11.0.1 FP4 and Controller to 11.1.0.1 (cloud deploys have corresponding updates)....

CVSS 8.8 | AI score 8.6 | EPSS 0.00335
Exploits: 0 | References: 1 | Affected Software: 2

CNVD
added 2025/02/17 12:0 a.m. | 2 views

Google Android Input Validation Malpractice Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an improper input validation vulnerability that originates from improper input validation in Source of ZipFile.java, no details of the vulnerability are provided at this time...

CVSS 6.5 | AI score 6.3 | EPSS 0.00271
Exploits: 0 | References: 1