15 matches found

OSV
added 2026/04/10 10:11 p.m. · 3 views

GHSA-9CP7-J3F8-P5JX Daptin has Unauthenticated Path Traversal and Zip Slip

Impact: The cloudstore.file.upload action in server/actions/actioncloudstorefileupload.go writes user-supplied filenames directly to disk without proper validation. This allows unauthenticated attackers to perform path traversal and zip slip attacks, leading to arbitrary file write and potential...

10 CVSS · 6.1 AI score
Exploits 0 · References 3

Tenable Nessus
added 2026/02/15 12:0 a.m. · 2 views

openSUSE 16 Security Update : kepler (openSUSE-SU-2026:20206-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20206-1 advisory. Update to version 0.11.3. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing...

5.3 CVSS · 8.1 AI score · 0.00033 EPSS
Exploits 1 · References 6

SUSE CVE
added 2026/02/07 12:24 a.m. · 2 views

SUSE CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.8 CVSS · 5.5 AI score · 0.00053 EPSS
Exploits 0 · References 3

RedhatCVE
added 2026/01/24 3:17 a.m. · 6 views

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.8 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 0 · References 1

Cvelist
added 2026/01/22 10:1 p.m. · 16 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.3 CVSS · 0.00053 EPSS
Exploits 0 · References 3

Vulnrichment
added 2026/01/22 10:1 p.m. · 1 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.3 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 0 · References 3

Github Security Blog
added 2026/01/21 11:2 p.m. · 10 views

Soft Serve Affected by an Authentication Bypass

Impact: What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user including Admin by "offering" the victim's public key during the SSH handshake before authenticating with their own...

9.8 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2026/01/21 11:2 p.m. · 3 views

GHSA-PCHF-49FH-W34R Soft Serve Affected by an Authentication Bypass

Impact: What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user including Admin by "offering" the victim's public key during the SSH handshake before authenticating with their own...

9.3 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 0 · References 5

Positive Technologies
added 2026/01/21 12:0 a.m. · 4 views

PT-2026-4297

Name of the Vulnerable Software and Affected Versions: Soft Serve versions 0.11.2 and below Description: Soft Serve, a self-hostable Git server, contains a critical flaw that allows an attacker to impersonate any user, including administrators. This is achieved by presenting the victim's public key...

9.3 CVSS · 5.4 AI score · 0.00053 EPSS
Exploits 0 · References 11

CNNVD
added 2025/10/10 12:0 a.m. · 1 views

Common Expression Language Input Validation Error Vulnerability

Common Expression Language is a common expression language interpreter written in Rust by the open source cel-rust project. An input validation error vulnerability exists in Common Expression Language version 0.10.0 through versions prior to 0.11.4, which stems from the fact that parsing a specific incorrect...

7.5 CVSS · 6.5 AI score · 0.00163 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2920

Malicious code in bioql PyPI...

8.7 CVSS · 6.4 AI score · 0.0021 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/11/25 12:0 a.m. · 4 views

PT-2024-34387 · Adapt Learning · Adapt Learning Adapt Authoring Tool

Name of the Vulnerable Software and Affected Versions: Adapt Learning Adapt Authoring Tool versions = 0.11.3 Description: The issue is related to incorrect access control, allowing attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. This occurs due to a...

4.3 CVSS · 9.3 AI score · 0.00087 EPSS
Exploits 2 · References 4

CNNVD
added 2024/10/26 12:0 a.m. · 1 views

validate.js Security Vulnerability

validate.js is a declarative validation library written in JavaScript by the individual developer Nicklas Ansman. A security vulnerability exists in validate.js version 0.11.3 and prior versions, which stems from the presence of a regular expression denial of service vulnerability...

8.7 CVSS · 6.5 AI score · 0.0021 EPSS
Exploits 0 · References 2

Github Security Blog
added 2021/08/25 8:49 p.m. · 31 views

Unexpected panic in multihash

In versions prior to 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes, which wraps it, can panic, and its return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...

7.8 CVSS · 7.3 AI score · 0.00383 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2021/07/16 6:15 p.m. · 1 views

UBUNTU-CVE-2021-32749

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...

8.1 CVSS · 7.8 AI score · 0.00301 EPSS
Exploits 1 · References 8