GO-2026-4751 Zitadel is missing enforcement of organization scopes in github.com/zitadel/zitadel
Zitadel is missing enforcement of organization scopes in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GO-2026-4573 ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel
ZITADEL's truncated opaque tokens are still valid in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2025-64421
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can invite a high privileged user. At first, the application will throw an error, but if the attacker clicks th...
CVE-2025-59955
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the /api/v1/teams/teamid/members and /api/v1/teams/current/members API endpoints, which allows...
PT-2026-1335
Name of the Vulnerable Software and Affected Versions: Coolify versions up to and including v4.0.0-beta.434. Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection exists in the git source input fields of a resource, potentially allowing a...
EUVD-2024-19462
Malicious code in bioql PyPI...
CVE-2025-55584
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account...
CVE-2025-55587
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-55591
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint...
CVE-2025-29632
CVE-2025-29632 affects free5GC v4.0.0, with a Buffer Overflow in the AMF path (NGAP, security.go, handler_generated.go, handleInitialUEMessageMain) caused by DecodePlainNasNoIntegrityCheck handling of an empty NAS payload. This can crash the AMF and cause DoS. Exploitation details are present in ...
CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
CVE-2020-18178
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."...
CVE-2025-45861
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface...
CVE-2024-12082
OpenHarmony is affected by CVE-2024-12082 in v4.0.0 and earlier, where an out-of-bounds read leads to information leakage via local access. The root cause is an out-of-bounds read in vulnerable components; impact is confidentiality (information disclosure) with no integrity/availability impact st...
CVE-2024-47402 Liteos_a has an Out-of-bounds Read vulnerability
In OpenHarmony v4.0.0 and prior versions, a local attacker can cause DoS through an out-of-bounds read...
GHSA-8RM2-93MQ-JQHC Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Impact: A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. Patches: Please use version 4.0.0 or later (github.com/codeclysm/extract/v4). Any previous version is affected by the bug. Workarounds: No known workarounds. Backward compatibility...
CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...