Lucene search

750 matches found

Positive Technologies
added 2025/07/23 12:0 a.m. · 1 view

PT-2025-30539 · Samsung · Magicinfo 9 Server

Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: An improper control of generation of code 'Code Injection' vulnerability exists in MagicINFO 9 Server. This issue allows code injection. Recommendations: Update MagicINFO 9 Server to...

9.8 CVSS · 6.5 AI score · 0.0041 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/07/22 12:0 a.m. · 2 views

PT-2025-30496 · Viewvc · Viewvc

Name of the Vulnerable Software and Affected Versions: ViewVC versions 1.1.0 through 1.1.31 ViewVC versions 1.2.0 through 1.2.3 Description: ViewVC is a browser interface for CVS and Subversion version control repositories. The standalone.py script within the ViewVC distribution can expose the...

7.5 CVSS · 6.3 AI score · 0.00796 EPSS
Exploits 1 · References 13

CNNVD
added 2025/07/21 12:0 a.m. · 2 views

Cadwyn cross-site scripting vulnerability

Cadwyn is an API version control application by the individual developer Stanislav Zmiev. A cross-site scripting vulnerability exists in Cadwyn 5.4.3 and earlier versions, which stems from insufficient validation of the /docs endpoint version parameter input and could lead to a reflective...

7.6 CVSS · 5.8 AI score · 0.00235 EPSS
Exploits 0 · References 3

Packet Storm News
added 2025/07/13 12:0 a.m. · 2 views

PromptChain: a Decentralized Web3 Architecture for Managing AI Prompts As Digital Assets

We present PromptChain, a decentralized Web3 architecture that establishes AI prompts as first-class digital assets with verifiable ownership, version control, and monetization capabilities. Current centralized platforms lack mechanisms for proper attribution, quality assurance, or fair...

6.9 AI score
Exploits 0

Mageia
added 2025/07/11 6:52 p.m. · 6 views

Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

8.6 CVSS · 7.7 AI score · 0.00022 EPSS
Exploits 0 · References 3

SUSE Linux
added 2025/07/11 3:20 p.m. · 1 view

Security update for go1.23

This update for go1.23 fixes the following issues: Update to version go1.23.11 CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. bsc1246118 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

9.3 CVSS · 7.5 AI score · 0.00022 EPSS
Exploits 0 · References 6

SUSE CVE
added 2025/07/08 11:35 p.m. · 1 view

SUSE CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6 CVSS · 7.5 AI score · 0.00022 EPSS
Exploits 0 · References 17

CNNVD
added 2025/06/30 12:0 a.m. · 1 view

Red Hat Ansible Automation Platform code injection vulnerability

Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for enabling strategic automation from Red Hat USA. A code injection vulnerability exists in Red Hat Ansible Automation Platform that stems from unvalidated user-supplied Git branches or reference values, which could lead to...

8.8 CVSS · 7.3 AI score · 0.0047 EPSS
Exploits 0 · References 3

OpenVAS
added 2025/06/30 12:0 a.m. · 3 views

D-Link DWR Device Detection Consolidation

Consolidation of D-Link DWR Router devices detections. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescripti...

5.8 AI score
Exploits 0

Positive Technologies
added 2025/06/26 12:0 a.m. · 4 views

PT-2025-26961 · Drupal +1 · Drupal +1

Name of the Vulnerable Software and Affected Versions: Toc.Js versions 0.0.0 through 3.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, in Drupal Toc.Js. This allows an attacker to perform Cross-Site...

6.1 CVSS · 5.6 AI score · 0.00182 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2025/06/16 12:0 a.m. · 2 views

TencentOS Server 3: file (TSSA-2022:0202)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0202 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8 CVSS · 8.3 AI score · 0.00174 EPSS
Exploits 1 · References 2

vulnersOsv
added 2025/06/10 8:17 p.m. · 1 view

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...

7.1 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 0

vulnersOsv
added 2025/06/10 4:42 p.m. · 1 view

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...

6.3 CVSS · 5.8 AI score · 0.00225 EPSS
Exploits 0

Vulnrichment
added 2025/05/23 12:43 p.m. · 6 views

CVE-2025-39502 WordPress Goodlayers Hostel Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoodLayers Goodlayers Hostel allows Reflected XSS. This issue affects Goodlayers Hostel: from n/a through 3.1.2...

7.1 CVSS · 6.9 AI score · 0.00185 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:22 a.m. · 3 views

CVE-2024-3275

The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...

4.3 CVSS · 5.8 AI score · 0.00243 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 1:4 a.m. · 5 views

CVE-2022-28619

A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager install...

7.8 CVSS · 7.1 AI score · 0.00051 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:31 p.m. · 3 views

CVE-2022-1502

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions...

4.3 CVSS · 6.8 AI score · 0.00175 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:4 p.m. · 4 views

CVE-2022-20931

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

6.5 CVSS · 7 AI score · 0.00082 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:53 p.m. · 3 views

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS...

7.5 CVSS · 7.1 AI score · 0.00002 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 8:50 p.m. · 5 views

CVE-2005-2076

HP Version Control Repository Manager VCRM before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen...

2.1 CVSS · 6.7 AI score · 0.00194 EPSS
Exploits 0 · References 1