CVE-2026-28411

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $REQUEST superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass...

CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

EUVD-2005-3735

Malware in sbrugna...

EUVD-2006-6644

Malware in sbrugna...

EUVD-2001-0076

Malware in sbrugna...

EUVD-2006-4661

Malware in sbrugna...

EUVD-2006-3752

Malware in sbrugna...

EUVD-2007-0647

Malware in sbrugna...

EUVD-2006-4864

Malware in sbrugna...

EUVD-2007-0597

Malware in sbrugna...

EUVD-2005-2692

Malware in sbrugna...

EUVD-2025-14804

Malicious code in bioql PyPI...

EUVD-2024-49082

Malicious code in bioql PyPI...

CVE-2024-8311

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template...

K000150232: Multiple PHP vulnerabilities

Security Advisory Description CVE-2007-2728 The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security...

CVE-2024-8311

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template...

CVE-2024-8311 Improper Protection of Alternate Path in GitLab

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template...

CVE-2024-8311

CVE-2024-8311 affects GitLab Enterprise/Community Edition pipeline execution policies. The issue allows an authenticated user to bypass variable overwrite protections by including a CI/CD template in versions: GitLab EE 17.2 up to 17.2.5 (exclusive) and 17.3 up to 17.3.2 (exclusive). Root cause: ...

CVE-2024-8311

Removed by vendor...