
15 matches found

Source: Cvelist | added 2026/04/24 2:31 a.m. | 29 views

CVE-2026-41309 Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing

Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., 10000 x 10000 pixels). While the compressed file size...

CVSS 8.2 | EPSS 0.00081 | Exploits 0 | References 3
Source: Snyk | added 2025/11/20 10:48 p.m. | 2 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via certain Check and ListObject calls. An attacker can gain unauthorized access to resources by exploiting improper enforcement of access policies when a relation is directly assignable by a type bound public...

CVSS 8.8 | AI score 6.8 | EPSS 0.00067 | Exploits 0 | References 2
Source: EUVD | added 2025/10/03 8:07 p.m. | 8 views

EUVD-2023-2181

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.01261 | Exploits 0 | References 8
Source: EUVD | added 2025/10/03 8:07 p.m. | 5 views

EUVD-2024-1081

Malicious code in bioql PyPI...

CVSS 2.7 | AI score 3.9 | EPSS 0.00107 | Exploits 0 | References 7
Source: EUVD | added 2025/10/03 8:07 p.m. | 7 views

EUVD-2024-45812

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.5 | EPSS 0.06647 | Exploits 0 | References 2
Source: NVD | added 2025/08/03 10:15 a.m. | 3 views

CVE-2024-52279

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

CVSS 7.5 | EPSS 0.01124 | Exploits 0 | References 5
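The Zeppelin entry is a reminder that a validator has to inspect the representation the consumer will actually act on, not the raw string. Below is an added Python example, not Zeppelin's code: a naive substring check over the JDBC URL as submitted, and a hardened check that percent-decodes to a fixed point and then inspects parameter names. The denylist of connection properties is this example's own choice; Zeppelin's real check and property list are not reproduced.

```python
import re
from urllib.parse import unquote

# Hypothetical denylist for this example: driver properties an operator has
# decided a notebook user must never set on a shared JDBC interpreter.
FORBIDDEN_PROPERTIES = {"allowloadlocalinfile", "allowurlinlocalinfile", "autodeserialize"}

# Parameter names appear after '?', '&' or ';' and before '='.
PARAM_RE = re.compile(r"[?&;]([^=&;]+)=")


def naive_validate(jdbc_url):
    """The shape of the original fix: look at the submitted string only."""
    lowered = jdbc_url.lower()
    return not any(p in lowered for p in FORBIDDEN_PROPERTIES)


def canonicalize(value, max_rounds=4):
    """Percent-decode until nothing changes; bail out on absurd nesting."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("percent-decoding did not converge")


def parameter_names(jdbc_url):
    return [name.strip().lower() for name in PARAM_RE.findall(jdbc_url)]


def hardened_validate(jdbc_url):
    """Decode first, then check the parameter names the driver would see."""
    try:
        url = canonicalize(jdbc_url)
    except ValueError:
        return False          # refuse what cannot be normalised
    return not any(n in FORBIDDEN_PROPERTIES for n in parameter_names(url))


if __name__ == "__main__":
    # Constructed inputs: plain, single-encoded ('%4C' is 'L'), double-encoded.
    for url in ("jdbc:mysql://db.internal:3306/app?user=app",
                "jdbc:mysql://db.internal:3306/app?allowLoadLocalInfile=true",
                "jdbc:mysql://db.internal:3306/app?allow%4CoadLocalInfile=true",
                "jdbc:mysql://db.internal:3306/app?allow%254CoadLocalInfile=true"):
        print(f"{url}\n  naive={naive_validate(url)}  hardened={hardened_validate(url)}")
```

Decoding to a fixed point is the conservative choice: it rejects anything that could become a forbidden name at any decoding depth. The precise fix is to validate exactly the form the driver consumes, which means knowing whether that driver decodes once, not at all, or per parameter; when in doubt, the stricter canonicalization above is the safer default.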
Source: Debian | added 2025/06/02 8:40 p.m. | 12 views

[SECURITY] [DSA 5934-1] roundcube security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-5934-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 02, 2025                         https://www.debian.org/security/faq
-...

CVSS 9.9 | AI score 7.3 | EPSS 0.90469 | Exploits 29
Source: RedhatCVE | added 2025/05/23 10:45 a.m. | 11 views

CVE-2024-52004

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade...

CVSS 8.7 | AI score 7.7 | EPSS 0.06647 | Exploits 0 | References 1
Source: CVE | added 2025/03/27 10:18 p.m. | 58 views

CVE-2025-2885

CVE-2025-2885 affects the Tough root-metadata handling in the Amazon Tough (Rust) client library. The root metadata version number validation is missing, allowing an attacker to supply an arbitrary version instead of the intended one, which could cause the client to fetch a different or outdated ...

CVSS 5.7 | AI score 7 | EPSS 0.00255 | Exploits 0 | References 3 | Affected Software 1
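In TUF-style root rotation the client starts from a trusted root of version N and fetches N+1.root.json, N+2.root.json and so on; the check this entry describes as missing is that each fetched document must declare exactly the version that was asked for, otherwise a stale or substituted root is accepted. The following is an added Python example of that walk, not Tough's code and not its fix: it isolates the version check and omits signature verification, which a real client performs on every candidate with both the previous root's keys and the candidate's own. The metadata follows the TUF JSON shape; the repositories are constructed inline.

```python
import json


class RootUpdateError(Exception):
    pass


def load_root(document):
    """Parse root metadata and require a sane integer version."""
    meta = json.loads(document)
    signed = meta["signed"]
    if signed.get("_type") != "root":
        raise RootUpdateError("not root metadata")
    version = signed.get("version")
    if not isinstance(version, int) or version < 1:
        raise RootUpdateError("root version missing or invalid")
    return meta


def update_root(trusted_root, fetch):
    """Walk N+1, N+2, ... from a trusted root of version N.

    fetch(version) returns the bytes of <version>.root.json, or None when the
    repository has no such file. A document that declares any version other
    than the one requested is rejected: that is the rollback / wrong-file
    substitution this check exists to stop.
    """
    current = trusted_root
    while True:
        expected = current["signed"]["version"] + 1
        document = fetch(expected)
        if document is None:
            return current                      # no newer root published
        candidate = load_root(document)
        got = candidate["signed"]["version"]
        if got != expected:
            raise RootUpdateError(
                f"requested {expected}.root.json but document declares version {got}")
        # Signature verification (threshold of current's root keys, then of
        # candidate's own root keys) would go here; omitted in this example.
        current = candidate


# Constructed repositories.
def make_root(version):
    return json.dumps({
        "signed": {"_type": "root", "version": version,
                   "expires": "2030-01-01T00:00:00Z", "keys": {}, "roles": {}},
        "signatures": [],
    }).encode()


HONEST_REPO = {2: make_root(2), 3: make_root(3)}
# Attacker serves the old version-1 document under the 3.root.json name.
ROLLBACK_REPO = {2: make_root(2), 3: make_root(1)}


def final_version(repo, start=1):
    trusted = load_root(make_root(start))
    return update_root(trusted, lambda v: repo.get(v))["signed"]["version"]


def rejects(repo):
    try:
        final_version(repo)
        return False
    except RootUpdateError:
        return True


if __name__ == "__main__":
    print("honest repo ends at root version", final_version(HONEST_REPO))
    print("rollback repo rejected:", rejects(ROLLBACK_REPO))
```

Without the equality check the rollback repository would leave the client trusting the version-1 root and its keys, which is exactly the downgrade a rotation scheme is supposed to make impossible.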
Source: RedhatCVE | added 2025/02/14 11:43 a.m. | 9 views

CVE-2024-29733

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS...

CVSS 2.7 | AI score 6.6 | EPSS 0.00107 | Exploits 0 | References 1
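The mitigation named in this entry, in runnable form: an added Python example (not the Airflow provider's code) that builds a verifying SSLContext with ssl.create_default_context(), shows the non-verifying configuration beside it for contrast, and refuses to construct an ftplib.FTP_TLS client on any context that does not check both the chain and the hostname. The checks make no network connection; connect_and_secure is the intended call pattern and assumes a reachable FTPS server.

```python
import ssl
from ftplib import FTP_TLS


def weak_context():
    """The non-verifying configuration: any certificate for any name is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None):
    """What the advisory prescribes: chain validation plus hostname checking."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_verifies(ctx):
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def make_ftps_client(context=None):
    """Construct (without connecting) an FTP_TLS client bound to a verifying context."""
    ctx = context if context is not None else hardened_context()
    if not context_verifies(ctx):
        raise ValueError("refusing FTP_TLS with a context that skips certificate validation")
    return FTP_TLS(context=ctx)


def connect_and_secure(host, user, password, port=21, timeout=30):
    """Intended call pattern; requires a live server, so not exercised offline."""
    client = make_ftps_client()
    client.connect(host, port, timeout=timeout)
    client.auth()       # AUTH TLS: certificate chain and hostname are checked here
    client.login(user, password)
    client.prot_p()     # protect the data channel too, not only the control channel
    return client


if __name__ == "__main__":
    print("default context verifies:", context_verifies(make_ftps_client().context))
    print("weak context verifies:", context_verifies(weak_context()))
```

The refusal in make_ftps_client is the part worth copying: a connection helper that accepts an arbitrary caller-supplied context will eventually be handed a CERT_NONE one "to make it work", and the hook should fail loudly rather than silently downgrade.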
Source: Vulnrichment | added 2024/07/01 9:23 p.m. | 17 views

CVE-2024-39313 toy-blog Improper Input Validation vulnerability

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...

CVSS 6.5 | AI score 6.8 | EPSS 0.00518 | Exploits 0 | References 2
Source: Vulnrichment | added 2024/02/09 12:11 a.m. | 4 views

CVE-2024-24819 icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically...

CVSS 5.3 | AI score 8.9 | EPSS 0.00035 | Exploits 0 | References 3
Source: NVD | added 2023/08/31 9:15 p.m. | 19 views

CVE-2023-39352

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values rect->left and rect->top are exactly equal to surface->width and...

CVSS 9.8 | AI score 7.2 | EPSS 0.00191 | Exploits 1 | References 8
Source: Vulnrichment | added 2022/11/15 12:00 a.m. | 3 views

CVE-2022-41916 Read one byte past a buffer when normalizing Unicode

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC via PKINIT and kinit via PKINIT, as well as any third-party applications using Heimdal's...

CVSS 5.9 | AI score 7.4 | EPSS 0.00322 | Exploits 0 | References 5
Source: OpenVAS | added 2014/02/18 12:00 a.m. | 19 views

Debian Security Advisory DSA 2863-1 (libtar - directory traversal)

A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The library does not validate the filenames inside the tar archive, allowing files to be extracted to arbitrary paths. An attacker can craft a tar file to overwrite files beyond the tar_extract_glob an...

CVSS 5.8 | AI score 0.3 | EPSS 0.00376 | Exploits 0 | References 1
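The libtar entry is the classic tar path traversal; the check that prevents it is to resolve every member name against the destination and reject anything that lands outside it, including symlink targets, before a single byte is written. The following is an added Python example, not libtar's code: it vets the members of an in-memory archive constructed inline (one safe file, one `../` escape, one absolute path, one escaping symlink) and extracts only the vetted subset into a temporary directory.

```python
import io
import os
import tarfile
import tempfile


class UnsafeMember(Exception):
    pass


def resolve_member(dest, name):
    """Absolute path `name` would land on; raises if it escapes `dest`."""
    if not name or os.path.isabs(name):
        raise UnsafeMember(f"absolute or empty path: {name!r}")
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise UnsafeMember(f"escapes destination: {name!r}")
    return target


def vet_members(tar, dest):
    """Split members into (safe, rejected) before anything touches the disk."""
    safe, rejected = [], []
    for member in tar.getmembers():
        try:
            resolve_member(dest, member.name)
            if member.issym() or member.islnk():
                # A link that points outside dest lets a later member write
                # through it, so the link target is vetted as well.
                if member.issym():
                    target = os.path.normpath(
                        os.path.join(os.path.dirname(member.name), member.linkname))
                else:
                    target = member.linkname
                resolve_member(dest, target)
            elif not (member.isfile() or member.isdir()):
                raise UnsafeMember(f"device/fifo entry not allowed: {member.name!r}")
            safe.append(member)
        except UnsafeMember as exc:
            rejected.append((member.name, str(exc)))
    return safe, rejected


def safe_extract(archive, dest):
    """Extract only vetted members; returns (accepted names, rejected list)."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        safe, rejected = vet_members(tar, dest)
        # Python 3.12+ (and the security backports) add a per-member filter
        # applied at write time; enable it too when the interpreter has it.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=safe, **kwargs)
    return [m.name for m in safe], rejected


def build_sample_archive():
    """Constructed archive: one benign file and three traversal attempts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, payload):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        add_file("docs/readme.txt", b"hello\n")
        add_file("../../etc/cron.d/evil", b"* * * * * root id\n")
        add_file("/etc/passwd", b"root::0:0::/:/bin/sh\n")
        link = tarfile.TarInfo("out")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../"
        tar.addfile(link)
    return buf.getvalue()


def demo():
    with tempfile.TemporaryDirectory() as dest:
        safe, rejected = safe_extract(build_sample_archive(), dest)
        written = os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
    return safe, rejected, written


if __name__ == "__main__":
    safe, rejected, written = demo()
    print("extracted:", safe, "written:", written)
    for name, reason in rejected:
        print("rejected:", name, "->", reason)
```

Vetting before extraction catches the names and link targets in the archive itself; a symlink inside the destination that a later member then writes through is only visible once the link exists on disk, which is why the write-time `data` filter (it re-resolves each path as it goes) is enabled alongside the pre-check rather than instead of it.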