12 matches found

Tenable Nessus
added 2025/10/07 12:0 a.m. · 2 views

Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986128 advisory. Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitte...

CVSS 7.5 · AI score 8.3 · EPSS 0.01247
Exploits 0 · References 4

OpenVAS
added 2025/08/27 12:0 a.m. · 2 views

openSUSE Security Advisory (SUSE-SU-2025:02979-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8.1 · EPSS 0.01247
Exploits 0 · References 5

RedhatCVE
added 2025/07/23 9:32 p.m. · 4 views

CVE-2025-54134

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

CVSS 7.1 · AI score 6 · EPSS 0.00189
Exploits 0 · References 1

Cvelist
added 2025/07/21 8:58 p.m. · 15 views

CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...

CVSS 7.1 · EPSS 0.00189
Exploits 0 · References 4

Snyk
added 2025/06/16 10:0 p.m. · 2 views

Integer Overflow or Wraparound

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via file uploads through servlet containers. An attacker can craft malicious multipart/form-data requests with specially crafted...

CVSS 8.7 · AI score 7.2 · EPSS 0.00683
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 8:8 a.m. · 6 views

CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

CVSS 8.7 · AI score 6.8 · EPSS 0.88966
Exploits 1

Cvelist
added 2024/10/21 2:55 p.m. · 21 views

CVE-2024-45309 OneDev vulnerable to arbitrary file reading for unauthenticated user

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

CVSS 8.7 · EPSS 0.88966
Exploits 1 · References 2

OSV
added 2024/10/21 2:55 p.m. · 9 views

CVE-2024-45309 OneDev vulnerable to arbitrary file reading for unauthenticated user

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

CVSS 8.7 · AI score 8.8 · EPSS 0.88966
Exploits 1 · References 4

Positive Technologies
added 2024/08/26 12:0 a.m. · 3 views

PT-2024-7509 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 11.0.9 Description: A vulnerability in OneDev allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9. The vulnerability is related to...

CVSS 8.7 · AI score 9.3 · EPSS 0.88966
Exploits 1 · References 22

CNNVD
added 2022/07/07 12:0 a.m. · 2 views

Eclipse Jetty Input Validation Error Vulnerability

Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that stems from invalid URI parsing that could result in an invalid HttpURI.authority, which affects the following products and releases:...

CVSS 4 · AI score 7 · EPSS 0.00401
Exploits 0 · References 12

OpenVAS
added 2013/06/06 12:0 a.m. · 174 views

Plesk < 11.0.9 Multiple Vulnerabilities

Plesk is prone to PHP code execution and command execution vulnerabilities. Copyright (C) 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

AI score 7.1
Exploits 0 · References 5

ATTACKERKB
added 2013/04/18 6:55 p.m. · 3 views

CVE-2013-0133

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable...

CVSS 7.2 · AI score 5.5 · EPSS 0.00192
Exploits 0 · References 2