29 matches found
CVE-2026-35255
Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported version that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle Cloud Native Environment Command Line...
EUVD-2025-32560
Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...
PT-2025-40914
Name of the Vulnerable Software and Affected Versions: FlagForge versions 2.0.0 through 2.3.2. Description: FlagForge, a Capture The Flag (CTF) platform, had endpoints that did not require authentication or authorization. Specifically, the /api/admin/badge-templates GET and...
EUVD-2023-0126
Malicious code in bioql PyPI...
GO-2025-3859 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao
OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
GO-2025-3858 Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao
Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-3854 OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao
OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse
Impact: OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the M...
GHSA-XP75-R577-CVHP Privileged OpenBao Operator May Execute Code on the Underlying Host
Impact: Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...
CVE-2024-51363
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code...
CVE-2024-39014
ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-39014
The CVE CVE-2024-39014 affects cahil/utils version 2.3.2. Root cause: prototype pollution via the set function, enabling an attacker to inject arbitrary properties and potentially execute arbitrary code or cause a Denial of Service. Documentation notes exploitation and impact but does not provide...
CVE-2023-48054
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
CVE-2023-48054
CVE-2023-48054 concerns missing SSL certificate validation in localstack v2.3.2, enabling man-in-the-middle eavesdropping on communications between host and server. Connected advisories confirm the same vulnerability across sources (Red Hat, Veracode, GHSA, OSV, NVD, etc.). The provided docume...
e107 v2.3.2 - Reflected XSS Vulnerability
Exploit Title: e107 v2.3.2 - Reflected XSS Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.2 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1l PHP/7.4.23 XSS Reflect...
e107 v2.3.2 - Reflected XSS
Exploit Title: e107 v2.3.2 - Reflected XSS Date: 11/05/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.2 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1...
CVE-2023-23205
An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multiclientserver/multiclientserver.c...