5340 matches found
BIT-JOOMLA-2022-23799 [20220307] - Core - Variable Tampering on JInput $_REQUEST data
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data...
BIT-JOOMLA-2021-26034 [20210503] - Core - CSRF in data download endpoints
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo...
Unspecified Vulnerability in Lunary
Lunary is an open-source production toolkit for LLMs. A security vulnerability exists in Lunary versions prior to 1.5.9, which stems from a security issue in /v1/evaluators/endpoints, and can be exploited by an attacker to delete evaluator data, resulting in permanent data loss and potentia...
CVE-2024-8999
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-10725
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT...
CVE-2024-6866
corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the try_match function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...
bzip2 security update
An update is available for bzip2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The bzip2 packages contain a freely available, high-quality data compressor. It...
CVE-2025-26660
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to...
CVE-2025-29768
Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...
CVE-2025-25975
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...
CVE-2021-37787
creationtimestamp | type | source
---|---|---
2025-03-08 04:00:07+00:00 | published-proof-of-concept | Telegram/WK-d7rHew0RoUjunO6vRsF762k6XwiwPjLRMSoANXZ7zahs
2025-03-11 17:39:43+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7183
2025-03-20 21:02:03+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2024-50250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks. The code that copies data from srcmap to...
Linux Distros Unpatched Vulnerability : CVE-2018-1000127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items...
CVE-2022-49602
In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...
CBL Mariner 2.0 Security Update: opensc (CVE-2023-5992)
The version of opensc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5992 advisory. - A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channe...
CVE-2022-49585
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2022-49580
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...
CVE-2022-49579
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2022-49629 nexthop: Fix data-races around nexthop_compat_mode.
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2022-49607
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close(). Yang Jihing reported a race between perf_event_set_output() and perf_mmap_close(): CPU1 CPU2 perf_mmap_close(e2) if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 - 0 detach_rest =...