12 matches found
EUVD-2022-33581
Malicious code in bioql PyPI...
WordPress Extensions For CF7 Plugin Path Traversal Vulnerability
WordPress Extensions For CF7 Plugin is a plugin that extends the functionality of Contact Form 7, mainly used to enhance the database management, conditional logic processing and user guidance capabilities of native forms. The WordPress Extensions For CF7 Plugin suffers from a path traversal...
CVE-2025-31489
A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Impact: The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...
CGA-77FH-PX8C-24H3
Bulletin has no description...
BIT-NODE-MIN-2025-23087
Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities...
CGA-69XR-35VW-CH6P
Bulletin has no description...
December 10, 2024—KB5048667 (OS Build 26100.2605)
December 10, 2024—KB5048667 OS Build 26100.2605 11/12/24 IMPORTANT: Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for December 2024. Normal...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2; ICSA-23-269-02 Hitachi Energy Asset Suite 9; ICSA-23-269-03...
CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
PT-2022-4745 · Docker +4 · Moby +5
Name of the Vulnerable Software and Affected Versions: Moby Docker Engine versions prior to 20.10.18. Description: The issue is related to the improper setup of supplementary groups in Moby Docker Engine, which can allow an attacker with direct access to a container to bypass primary group...
Securing Home and Small Business Routers
Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user's gateway to the Internet. Router misconfigurations (e.g., default credentials, interfaces open to the Internet) or the lack of security precautions (e.g., absence of updates) may make users...