10 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization through the POST /upi/v1/upNodesLinks handler, which processes attacker-controlled JSON input without authentication or authorization checks. An attacker can terminate the entire process by submitting a crafted...
Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).
Summary: IBM Event Processing is vulnerable to an HTTP Parameter Pollution (HPP) attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...
Linux Distros Unpatched Vulnerability : CVE-2022-23517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient...
PT-2025-32372 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.4.4. Description: OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the listCount function within the DocStoreDAO interface. The entityType...
PT-2024-21806 · Zero G · Go-Zero
Name of the Vulnerable Software and Affected Versions: go-zero versions prior to 1.4.4. Description: The issue concerns the CORS Filter feature in go-zero, which allows users to specify an array of domains allowed in the CORS policy. However, the isOriginAllowed function uses strings.HasSuffix to...
Out-of-Bounds
Overview: Microsoft.ChakraCore is a core part of the Chakra JavaScript engine that powers Microsoft Edge. Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects in...
Out-of-Bounds
Overview: Microsoft.ChakraCore.vc140 is a core part of the Chakra JavaScript engine that powers Microsoft Edge. Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects ...
Out-of-Bounds
Overview: Microsoft.ChakraCore is a core part of the Chakra JavaScript engine that powers Microsoft Edge. Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects in...
PT-2017-5778 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.4. Description: A cross-site scripting (XSS) issue exists in the search auto-completion functionality, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
PT-2012-3898 · Catalyst It · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 1.4.x through 1.4.3; Mahara versions 1.5.x through 1.5.2. Description: The issue allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack. This can be demonstrated...