Lucene search

25 matches found

NVD
added 2026/06/17 10:16 p.m. | 11 views

CVE-2026-50200

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

CVSS 7.5 | EPSS 0.00185
Exploits: 0 | References: 3
Cvelist
added 2026/06/12 2:16 p.m. | 33 views

CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

CVSS 6.8 | EPSS 0.00256
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/08 3:51 a.m. | 6 views

CVE-2026-42277

Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...

CVSS 6.5 | AI score 5.7 | EPSS 0.00201
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/04/02 7:15 p.m. | 17 views

CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

CVSS 9.9 | EPSS 0.01026
Exploits: 0 | References: 4
SUSE CVE
added 2026/02/25 12:25 a.m. | 5 views

SUSE CVE-2026-25576

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larg...

CVSS 5.1 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 7
EUVD
added 2026/02/24 1:2 a.m. | 4 views

EUVD-2026-7442

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted imag...

CVSS 7.5 | AI score 5.4 | EPSS 0.00429
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-2419

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.44824
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-2791

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.7 | EPSS 0.01051
Exploits: 0 | References: 13
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-43650

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00802
Exploits: 0 | References: 4
CBLMariner
added 2025/08/06 9:13 p.m. | 3 views

CVE-2025-38004 affecting package kernel for versions less than 6.6.96.1-1

CVE-2025-38004 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...

CVSS 7.1 | AI score 8.3 | EPSS 0.00199
Exploits: 0
CBLMariner
added 2025/07/17 9:12 p.m. | 4 views

CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6

CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6. A patched version of the package is available...

CVSS 6.5 | AI score 7.3 | EPSS 0.00619
Exploits: 0
Patchstack
added 2025/06/05 12:7 a.m. | 10 views

WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Plugin Team Showcase versions < 25.05.13...

CVSS 4.3 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/06/05 12:6 a.m. | 8 views

WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT in WordPress Plugin Testimonials Showcase versions <= 1.9.16...

CVSS 4.3 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/05/22 9:36 p.m. | 8 views

CVE-2021-43836

Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched in versions 1.6.44, 2.2.18...

CVSS 8.8 | AI score 7.6 | EPSS 0.01981
Exploits: 0
CBLMariner
added 2025/04/08 9:12 p.m. | 7 views

CVE-2023-32611 affecting package glib for versions less than 2.71.0-4

CVE-2023-32611 affecting package glib for versions less than 2.71.0-4. A patched version of the package is available...

CVSS 5.5 | AI score 7 | EPSS 0.00376
Exploits: 0
CVE
added 2025/03/19 5:36 p.m. | 104 views

CVE-2025-29925

XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...

CVSS 8.7 | AI score 6.3 | EPSS 0.00906
In wild | Exploits: 1 | References: 5 | Affected Software: 1
CBLMariner
added 2025/03/07 4:7 p.m. | 8 views

CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15

CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15. A patched version of the package is available...

CVSS 7.5 | AI score 7.7 | EPSS 0.00868
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m. | 7 views

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is available...

CVSS 5.3 | AI score 6.2 | EPSS 0.04459
Exploits: 0
CBLMariner
added 2024/12/26 6:43 p.m. | 6 views

CVE-2023-38469 affecting package avahi for versions less than 0.8-3

CVE-2023-38469 affecting package avahi for versions less than 0.8-3. A patched version of the package is available...

CVSS 6.2 | AI score 7 | EPSS 0.00306
Exploits: 0
Patchstack
added 2024/08/07 12:0 a.m. | 8 views

WordPress Robin image optimizer Plugin <= 1.6.9 is vulnerable to Broken Access Control

Software: Robin image optimizer; Type: Plugin; Vulnerable versions: <= 1.6.9; Fixed in: 1.7.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43122; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: a94e3ea55a34; Credits: Joshua Chan...

CVSS 6.5 | AI score 6.6 | EPSS 0.00488
Exploits: 0 | References: 2 | Affected Software: 1