14 matches found
[SECURITY] [DSA 6363-1] python-urllib3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6363-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2026 https://www.debian.org/security/faq -...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the CanDoAPIRoute process. An attacker can delete project backgrounds by using an API token with only the projects.background permission, bypassing intended access controls fo...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the import process. An attacker can exhaust server storage and potentially cause service disruption by uploading compressed zip files containing files that exceed the configur...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn
Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...
CVE-2025-64097
NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...
Arbitrary Code Injection
Overview binary-parser is a Blazing-fast binary parser builder Affected versions of this package are vulnerable to Arbitrary Code Injection via malicious field names. An attacker can execute arbitrary JavaScript code by supplying untrusted values in the field names or encoding parameters, which a...
Deserialization of Untrusted Data
Overview isaaclab is an Isaac Lab Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can achieve arbitrary code execution by providing specially crafted data to be deserialized. Details Serialization is a process of...
Arbitrary File Upload
Overview hybridauth/hybridauth is a PHP Social Authentication Library Affected versions of this package are vulnerable to Arbitrary File Upload via install.php, which remains accessible post-installation. An attacker can execute arbitrary PHP code on the server by injecting malicious input into t...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory due to the inclusion of sensitive credentials in provenance events. An attacker with read access to the provenance events can gain unauthorized access to...
CVE-2023-49733
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
PT-2023-31312 · Apache · Apache Cocoon
Name of the Vulnerable Software and Affected Versions: Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0 Apache Cocoon version 2.2.0 Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows users to inject malicious code into XML documents...
PT-2023-30474 · WordPress · So Wp Pinyin Slugs
Name of the Vulnerable Software and Affected Versions: SO WP Pinyin Slugs plugin versions prior to 2.3.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For SO WP Pinyin Slugs plugin version...
PT-2021-18209 · Sydent · Sydent
Name of the Vulnerable Software and Affected Versions: Sydent versions 2.2.0 and prior Description: The issue is related to missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to...
Vulnerability fixed in Ruby JSON gem
A vulnerability has been fixed in the JSON gem that is provided by default included in the Ruby installation. The vulnerability allows a malicious party to perform attacks that can lead to the following categories of damage: Manipulation of data. Remote code execution User rights Ruby has release...