11 matches found
Insertion of Sensitive Information into Log File
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the setCookie and start functions. An attacker can gain unauthorized access to...
PT-2026-41958
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description The SSH transport in go-git constructs the remote exec command by wrapping the repository path in single quotes but fails to escape single quotes embedded within that path. This allows a repository path...
Cross-site Request Forgery (CSRF)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the delete process in mylistfunction.php due to missing validation of CSRF tokens. An attacker can...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation Upgrade github.com/neuvector/neuvector/controller/resource to...
Security Bulletin: Vulnerabilities in tar-fs affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in tar-fs has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs...
Use of Password Hash With Insufficient Computational Effort
Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...
SUSE CVE-2025-49136
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-use...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the QuerySubscribers function. An attacker can escalate privileges by injecting malicious SQL commands. Remediation Upgrade github.com/knadh/listmonk/models to version 5.0.0 or higher. References - GitHub Commit - POC...
AZL-55063 CVE-2025-21614 affecting package packer for versions less than 1.9.5-5
go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...
PT-2020-2347 · Siemens · Sinvr/Sivms Video Server
Name of the Vulnerable Software and Affected Versions: SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A path traversal vulnerability has been identified in the streaming service of the SiVMS/SiNVR Video Server, which could allow an unauthenticated remote attacker to access and...
PT-2014-1423
Name of the Vulnerable Software and Affected Versions file versions prior to 5.19 Red Hat Enterprise Linux file-static-5.04 Red Hat Enterprise Linux file-5.04 Red Hat Enterprise Linux file-debuginfo-5.04 Red Hat Enterprise Linux file-libs-5.04 Red Hat Enterprise Linux file-devel-5.04 Debian...