Lucene search

212 matches found

Cvelist
added 2025/07/15 7:47 p.m., 7 views

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVSS: 6, EPSS: 0.00239
Exploits: 0, References: 2

Vulnrichment
added 2025/07/15 7:47 p.m., 3 views

CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...

CVSS: 6, AI score: 6.3, EPSS: 0.00239
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 3:9 a.m., 5 views

CVE-2018-13896

XBLSEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBLSEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00035
Exploits: 0, References: 1

Github Security Blog
added 2025/03/26 5:13 p.m., 15 views

Frappe has possibility of SQL injection due to improper validations

Impact: SQL injection could be achieved via a specially crafted request, which could allow a malicious person to gain access to sensitive information. Workarounds: Upgrading is required, no other workaround is present...

CVSS: 8.7, AI score: 7.4, EPSS: 0.00142
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/03/10 8:15 a.m., 5 views

BIT-DJANGO-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS: 4.3, AI score: 7.1, EPSS: 0.00186
Exploits: 0, References: 5

RedhatCVE
added 2025/02/05 11:13 a.m., 5 views

CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00152
Exploits: 0, References: 1

PyPA
added 2024/12/13 5:15 a.m., 6 views

PYSEC-2024-158

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS: 7.1, AI score: 7.1, EPSS: 0.00152
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/12/13 5:15 a.m., 1 views

DEBIAN-CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS: 7.1, AI score: 7, EPSS: 0.00152
Exploits: 0, References: 1

CVE
added 2024/12/13 5:0 a.m., 68 views

CVE-2024-21543

CVE-2024-21543 affects the Python package djoser up to version 2.3.0. The vulnerability arises when authenticate() fails and the system falls back to a direct database query, potentially granting access to users with valid credentials and bypassing authentication checks (e.g., 2FA, LDAP, or AUTHE...

CVSS: 7.1, AI score: 7.2, EPSS: 0.00152
Exploits: 0, References: 6

SUSE CVE
added 2024/11/28 4:9 a.m., 1 views

SUSE CVE-2024-8676

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the...

CVSS: 7.4, AI score: 6.7, EPSS: 0.0031
Exploits: 0, References: 4

NVD
added 2024/08/23 3:15 p.m., 15 views

CVE-2024-43782

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...

CVSS: 9.8, EPSS: 0.00632
Exploits: 0, References: 3

Packet Storm
added 2024/08/22 12:0 a.m., 208 views

Online Survey System 1.0 Cross Site Request Forgery

Title: Online Survey System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits |...

AI score: 7.4
Exploits: 0

OSSF Malicious Packages
added 2024/08/07 11:58 p.m., 2 views

Malicious code in resumecom-validations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb71bf1cb4ba925079e4cb0146386da6304565a1d20cdb7cba37959876f36320 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2024/08/07 11:58 p.m., 3 views

MAL-2024-7983 Malicious code in resumecom-validations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb71bf1cb4ba925079e4cb0146386da6304565a1d20cdb7cba37959876f36320 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

OSV
added 2024/07/10 6:33 a.m., 1 views

GHSA-9JMF-237G-QF46 Django Path Traversal vulnerability

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS: 8.7, AI score: 6.9, EPSS: 0.00186
Exploits: 0, References: 9

Vulnrichment
added 2024/07/10 12:0 a.m., 14 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

AI score: 6.8, EPSS: 0.00186
Exploits: 0, References: 3

UbuntuCve
added 2024/07/09 2:0 p.m., 19 views

CVE-2024-39330

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00186
Exploits: 0, References: 3

OSV
added 2024/06/25 1:48 p.m., 3 views

MAL-2024-6683 Malicious code in argentinian_validations (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/25 1:48 p.m., 4 views

Malicious code in ardm_validations (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2024/06/25 1:46 p.m., 4 views

Malicious code in activerecord-strict_validations (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1