65 matches found
CVE-2026-32889
Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...
SUSE CVE-2026-24413
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in the its contents - including the private key of the...
CVE-2026-24413
CVE-2026-24413 involves the Icinga 2 Windows ACL issue where the folder at C:\ProgramData\icinga2\var could be readable by all local users, potentially exposing the private key and synced configuration. Affected range: Icinga 2 versions starting with 2.3.0 up to 2.13.14, 2.14.8, and 2.15.2 (these...
CVE-2024-41144
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgraded to 14.20: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
How Attackers Bypass Synced Passkeys
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure...
EUVD-2024-45495
Malicious code in bioql PyPI...
EUVD-2024-2662
Malicious code in bioql PyPI...
Malicious code in synced-plus-agent (npm)
The package synced-plus-agent was found to contain malicious code...
MAL-2025-34336 Malicious code in synced-plus-agent (npm)
The package synced-plus-agent was found to contain malicious code...
SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...
SUSE CVE-2025-34075
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host's Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does...
GHSA-HQP6-MJW3-F586 HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...
HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...
CVE-2024-29977
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...
CVE-2024-51695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through = 1.0.8...
CVE-2024-51695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through = 1.0.8...
CVE-2024-51695
CVE-2024-51695 describes a reflected XSS in Fabrica Synced Pattern Instances (Fabrica Synced Pattern Instances plugin) caused by improper input neutralization during web page generation. Affected: Fabrica Synced Pattern Instances from n/a through 1.0.8. The connected documents corroborate the vul...
CVE-2024-51695 WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through = 1.0.8...
CVE-2024-51695 WordPress Fabrica Synced Pattern Instances plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yes We Work Fabrica Synced Pattern Instances fabrica-reusable-block-instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through = 1.0.8...