14 matches found
CVE-2025-68402
FreshRSS is a free, self-hostable RSS aggregator. Between commits 57e1a37 and 00f2f04, the length of the nonce was changed from 40 chars to 64. password_verify is currently being called with a constructed string (SHA-256 nonce + part of a bcrypt hash) instead of the raw user password. Due to bcrypt’s 72-byte...
PT-2026-24102
Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.27.2-dev Description: FreshRSS, a self-hostable RSS aggregator, contains a flaw related to password verification. A change in the length of the nonce, from 40 to 64 characters between commits 57e1a37 and 00f2f04,...
TeslaMate Security Vulnerability
TeslaMate is an open source project, a self-hosted data logger for Tesla. A security vulnerability exists in versions of TeslaMate prior to 1.27.2. After accessing the IP address of a TeslaMate instance, an attacker could switch the port to 3000 and enter Grafana to perform remote operations...
PT-2024-12286 · Teslamate +1
Name of the Vulnerable Software and Affected Versions: TeslaMate versions prior to 1.27.2 Description: The issue allows unauthorized access to port 4000 for remote viewing and operation of user data. An attacker can access the IP address for the TeslaMate instance, switch the port to 3000 to ente...
MediaWiki 1.24.x < 1.27.2 Wiki Visitor IP Leakage
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.23.16, 1.24.x prior to 1.27.2 or 1.28.x prior to 1.28.1. It is, therefore, affected by a flaw which may allow remote attackers to discover the IP addresses of Wiki Visitors via ...
SUSE CVE-2017-15874
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation...
Mediawiki security bypass vulnerability (CNVD-2018-10132)
MediaWiki is a free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in Mediawiki versions prior to 1.28.1, 1.27.2...
Mediawiki Arbitrary Code Execution Vulnerability
MediaWiki is a free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in Mediawiki versions prior to 1.28.1 and pri...
Information disclosure
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext...
XXE
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites...
BusyBox Arbitrary Code Execution Vulnerability
BusyBox is a set of applications containing several Linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. A security vulnerability in the 'add_match' function in the libbb/lineedit.c file in BusyBox 1.27.2 and earlier versions, which stems from the program's failure t...
BusyBox integer overflow vulnerability (CNVD-2017-35513)
BusyBox is a set of applications containing several Linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. An integer overflow vulnerability exists in the archival/libarchive/decompress_unlzma.c file in BusyBox version 1.27.2. An attacker could exploit this vulnerabili...
BusyBox integer overflow vulnerability (CNVD-2017-35514)
BusyBox is a set of applications containing several Linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. An integer overflow vulnerability exists in the 'get_next_block' function in the archival/libarchive/decompress_bunzip2.c file in BusyBox version 1.27.2. An attacke...
DEBIAN-CVE-2017-15874
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation...