ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

CVE-2025-61594

A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

guests 安全漏洞

guests is a file sharing program open-sourced by ownCloud. A security vulnerability exists in guests prior to version 0.12.5, which stems from insufficient token validation in showPasswordForm and could lead to unauthenticated user enumeration...

EUVD-2022-1366

Malicious code in bioql PyPI...

EUVD-2022-1432

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-23652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfi...

GHSA-7287-GRHX-542X Pixelfed may allow unauthorized actor to view private posts and private users

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the account visibility settings. An attacker can view and interact with private posts and accounts by leveraging the improper enforcement of access controls. Remediation Upgrade pixelfed/pixelfed to version...

Pixelfed 安全漏洞

Pixelfed is a free and ethical photo sharing platform from the individual developers of Pixelfed. A security vulnerability exists in versions of Pixelfed prior to 0.12.5 that stems from the fact that anyone can follow private accounts on other Fediverse servers and view private posts...

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version v0.12.5 that stems from an unhandled thread exception and could lead to a denial of service attack...

Security update for buildkit

This update for buildkit fixes the following issues: Update to version 0.12.5: update runc to v1.1.12 exec: add extra validation for submount sources fixes CVE-2024-23651, bsc1219267 oci: fix error handling on submount calls executor: recheck mount stub path within root after container run fixes...

Astra Linux – Vulnerability in libpod

BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to...

Astra Linux - уязвимость в libpod

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

Important: docker

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

PT-2024-23734 · Jjwt · Jjwt

Name of the Vulnerable Software and Affected Versions: JJWT aka Java JWT through 0.12.5 Description: The issue concerns JJWT ignoring certain characters, potentially leading a user to falsely conclude they have a strong key. The impacted code includes the setSigningKey method within the...

SUSE CVE-2024-23650

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

SUSE CVE-2024-23653

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...