
13 matches found

OSV
added 2025/11/05 6:41 p.m. · 1 view

GO-2025-4021 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni

Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni...

CVSS 7.5 · AI score 7 · EPSS 0.00565
Exploits: 1 · References: 4

RedhatCVE
added 2025/10/14 9:49 p.m. · 3 views

CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3 · AI score 6.7 · EPSS 0.00565
Exploits: 1 · References: 1

Cvelist
added 2025/10/13 8:43 p.m. · 4 views

CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3 · EPSS 0.00565
Exploits: 1 · References: 3

Positive Technologies
added 2025/10/13 12:0 a.m. · 2 views

PT-2025-41805

Name of the Vulnerable Software and Affected Versions: Omni versions prior to 1.1.5; Omni version 1.0.2 Description: Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and...

CVSS 7.5 · AI score 6.4 · EPSS 0.00565
Exploits: 1 · References: 14

Cvelist
added 2025/09/04 11:13 a.m. · 4 views

CVE-2025-41053 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...

CVSS 5.1 · EPSS 0.0004
Exploits: 0 · References: 1

Oracle linux
added 2024/09/24 12:0 a.m. · 16 views

dovecot security update

1:2.3.16-6 - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message RHEL-55219 - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service RHEL-55206...

CVSS 7.5 · AI score 7.3 · EPSS 0.00656
Exploits: 2

Positive Technologies
added 2024/01/29 12:0 a.m. · 2 views

PT-2024-1488 · Pypi +6 · Aiohttp +6

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2 Description: The issue is related to the Python HTTP parser in aiohttp, which has minor differences in allowable character sets. This could trigger error handling and assist in request smuggling, depending on t...

CVSS 7.5 · AI score 5.8 · EPSS 0.93527
Exploits: 21 · References: 85

OSV
added 2024/01/13 6:30 a.m. · 0 views

GHSA-V3RG-QM46-XRG9 Path traversal in flaskcode

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

CVSS 7.5 · AI score 6 · EPSS 0.00589
Exploits: 0 · References: 2

Prion
added 2024/01/13 4:15 a.m. · 10 views

Directory traversal

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

CVSS 5 · AI score 7.3 · EPSS 0.00589
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/01/12 12:0 a.m. · 1 view

PT-2024-14506 · Flaskcode · Flaskcode

Name of the Vulnerable Software and Affected Versions: flaskcode versions through 0.0.8 Description: An issue was discovered that allows for unauthenticated directory traversal, which can be exploited with a POST request to the "/update-resource-data/" API endpoint. This enables attackers to writ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00589
Exploits: 0 · References: 5

CNNVD
added 2023/12/28 12:0 a.m. · 1 view

MeterSphere Security Vulnerabilities

MeterSphere is MeterSphere's open source one-stop continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.10-lts, which stems from the fact that an authenticated attacker can update a resource that does not belong to them with a known resource...

CVSS 4.3 · AI score 6.6 · EPSS 0.00136
Exploits: 0 · References: 2

OpenVAS
added 2008/11/01 12:0 a.m. · 26 views

Debian Security Advisory DSA 1652-1 (ruby1.9)

The remote host is missing an update to ruby1.9 announced via advisory DSA 1652-1. OpenVAS Vulnerability Test $Id: deb16521.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1652-1 ruby1.9 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...

CVSS 7.8 · AI score 0.8 · EPSS 0.7933
Exploits: 28

myhack58
added 2005/11/23 12:0 a.m. · 13 views

Challenge bundle document scanner a method-vulnerability warning-the black bar safety net

Since don't know who wrote the one bundled file viewer, file combiner's life... Last seen mjbinder and vegetables combined controller will be bundled file viewer to find out, has been just depressed. (Don't know the principles of course depressed indeed not check out but with PEID scan can be...

AI score 6.7
Exploits: 0