102 matches found
ROOT-OS-UBUNTU-2404-CVE-2025-38190 CVE-2025-38190 in rootio-linux - Patched by Root
Root has patched CVE-2025-38190 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
MINI-GGQH-JP38-CP89
Bulletin has no description...
MINI-Q38C-VV2H-4F8C
Bulletin has no description...
CVE-2026-46427 Budibase: Snowflake private key returned unmasked from datasource API to BASIC users
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...
VulnCheck KEV: CVE-2025-67303
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...
MINI-RVPX-7WQM-X38H
Bulletin has no description...
CVE-2026-41591
Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a ,...
CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string without XXE protection. With the LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...
MINI-38MX-PM4V-X7GW
Bulletin has no description...
MINI-X57C-38CM-9P75
Bulletin has no description...
CVE-2026-4437 affecting package glibc for versions less than 2.38-19
CVE-2026-4437 affecting package glibc for versions less than 2.38-19. A patched version of the package is available...
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-24805
CVE-2026-24805 is a NULL pointer dereference in visualfc liteide within the area liteidex/src/3rdparty/libvterm/src modules, affecting liteide before x38.4. The issue involves the files screen.C, state.C, and vterm.C; root cause identified as a NULL pointer dereference. No exploit details or p...
CVE-2026-24536
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data. This issue affects Webpushr: from n/a through <= 4.38.0...
EUVD-2026-3589
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...
MiracleLinux 7 : rh-python38 (AXSA:2021-2383:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2383:01 advisory. python-cryptography: Bleichenbacher timing oracle attack against RSA decryption CVE-2020-25659 python: Unsafe use of eval on data retrieved via HTTP...
PT-2026-1959
Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...
CVE-2025-67303
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...
PT-2025-53390
Name of the Vulnerable Software and Affected Versions Pexip Infinity versions 35.0 through 37.2 Description The software contains an improper input validation issue in the signalling component. This flaw allows an attacker to cause a software abort, leading to a denial of service. Recommendations...
Malicious code in rival-poke38 (npm)
Source: amazon-inspector c0ec54c14dce5c425a195ddee454edde81c2afe1f460dd4e8e13fd7e1dd889d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...