27 matches found

Github Security Blog
added 2026/05/08 6:37 p.m. · 7 views

Electerm's full process.env exposed to renderer via window.pre.env

Impact The getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer e.g., via the DevTools console or a compromised webview context...

CVSS 5.5 · AI score 6 · EPSS 0.00004
Exploits 0 · References 3 · Affected Software 1
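The Electerm entry above describes a preload/IPC handler that serialises the whole of process.env and parks it on window.pre.env, where any renderer-side script can read it. The following is an added example, not Electerm's code: it contrasts that pattern with an explicit allowlist, and includes a small renderer-side check a tester can run from DevTools to list credential-looking keys that reached the renderer. The names getConstants and window.pre.env come from the advisory; SAMPLE_ENV, ENV_ALLOWLIST, SECRET_NAME_PATTERN, pickExposableEnv and findLeakedSecrets are this example's own, and the environment values are constructed.

```javascript
// Added example (not Electerm's code). Shows the difference between handing
// the renderer all of process.env and handing it an explicit allowlist.

// Constructed sample environment standing in for process.env on a dev box.
const SAMPLE_ENV = {
  HOME: '/home/alice',
  PATH: '/usr/local/bin:/usr/bin',
  LANG: 'en_US.UTF-8',
  AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', // constructed
  GITHUB_TOKEN: 'ghp_exampleexampleexampleexample',                // constructed
  NPM_CONFIG__AUTH: 'dXNlcjpwYXNz',                                // constructed
  DATABASE_URL: 'postgres://app:s3cret@db.internal/app',          // constructed
};

// The pattern the advisory describes: the entire environment is serialised
// and becomes reachable as window.pre.env in the renderer.
function getConstantsUnsafe(env) {
  return { env: { ...env } };
}

// Hardened variant: only keys the renderer actually needs are exposed, and
// even an allowlisted key is dropped if its name looks like a credential.
// (ENV_ALLOWLIST is an assumption about what a terminal UI needs.)
const ENV_ALLOWLIST = ['HOME', 'PATH', 'LANG', 'SHELL', 'TERM'];
const SECRET_NAME_PATTERN = /(SECRET|TOKEN|PASSWORD|PASSWD|_AUTH|API_KEY|PRIVATE)/i;

function pickExposableEnv(env, allowlist = ENV_ALLOWLIST) {
  const out = {};
  for (const key of allowlist) {
    if (!Object.prototype.hasOwnProperty.call(env, key)) continue;
    if (SECRET_NAME_PATTERN.test(key)) continue; // defence in depth only
    out[key] = env[key];
  }
  return out;
}

function getConstantsSafe(env) {
  return { env: pickExposableEnv(env) };
}

// Renderer-side check: given whatever ended up on window.pre.env, list keys
// whose names look like credentials. Paste into DevTools as
// findLeakedSecrets(window.pre.env) on a build under test.
function findLeakedSecrets(exposedEnv) {
  return Object.keys(exposedEnv || {})
    .filter((k) => SECRET_NAME_PATTERN.test(k))
    .sort();
}
```

Note that DATABASE_URL carries a password but does not match the name pattern: the pattern-based check is a detection aid, while the allowlist is the actual control, which is why the hardened handler does not rely on the pattern alone.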
EUVD
added 2026/02/25 7:00 p.m. · 3 views

EUVD-2026-8593

Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions...

CVSS 7 · AI score 5.3 · EPSS 0.00024
Exploits 0 · References 4
Positive Technologies
added 2026/02/18 12:00 a.m. · 7 views

PT-2026-20964

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15. Description: A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, potentially enabling container...

CVSS 9.8 · AI score 5.1 · EPSS 0.00024
Exploits 0 · References 12
NVD
added 2026/01/28 9:16 p.m. · 2 views

CVE-2026-24739

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 · EPSS 0.00012
Exploits 1 · References 5
Snyk
added 2025/12/04 2:05 p.m. · 1 view

Remote Code Execution (RCE)

Overview: n8n-workflow is the workflow base code of n8n. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrar...

CVSS 9.9 · AI score 8 · EPSS 0.00035
Exploits 4 · References 3
RedhatCVE
added 2025/11/15 12:47 a.m. · 8 views

CVE-2025-64530

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...

CVSS 7.5 · AI score 6.8 · EPSS 0.0016
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2022-5383

Malicious code in bioql PyPI...

CVSS 7.4 · AI score 6.4 · EPSS 0.01689
Exploits 0 · References 5
Positive Technologies
added 2025/09/26 12:00 a.m. · 2 views

PT-2025-39664

Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to 2.9.12; Rancher Manager versions prior to 2.10.10; Rancher Manager versions prior to 2.11.6; Rancher Manager versions prior to 2.12.2. Description: Rancher Manager is susceptible to phishing attacks targeting SAML...

CVSS 9.9 · AI score 6.5 · EPSS 0.06448
Exploits 11 · References 49
CVE
added 2025/04/22 5:15 p.m. · 52 views

CVE-2025-32964

CVE-2025-32964 affects the ManageWiki MediaWiki extension. The root cause: before commit 00bebea, enabling a conflicting extension could cause a restricted extension to be auto-disabled even if the user lacked the ManageWiki-restricted right. The issue has been patched in commit 00bebea. Practica...

CVSS 4.6 · AI score 4.6 · EPSS 0.00096
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2025/03/19 6:36 a.m. · 4 views

Cross-site Scripting (XSS)

Overview: contao/core-bundle is an open-source PHP content management system for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the uploadTo function in FileUpload.php. An attacker can execute scripts...

CVSS 5.4 · AI score 5.5 · EPSS 0.00533
Exploits 0 · References 2
Positive Technologies
added 2025/01/16 12:00 a.m. · 3 views

PT-2025-4739 · Re11S · Re11S

Name of the Vulnerable Software and Affected Versions: RE11S version 1.11 Description: A stack overflow issue was discovered in the setWAN function via the pptpUserName parameter. This issue can be exploited, potentially leading to unintended consequences. No information is available about the...

CVSS 9.8 · AI score 6.6 · EPSS 0.00681
Exploits 1 · References 11
Positive Technologies
added 2024/12/06 12:00 a.m. · 2 views

PT-2024-28277 · Open Robotics · Ros2 +1

Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions. Description: A use-after-free vulnerability was discovered in the nav2 amcl process of Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions. This issue i...

CVSS 9.8 · AI score 7 · EPSS 0.00187
Exploits 1 · References 9
SUSE CVE
added 2024/11/02 3:49 a.m. · 5 views

SUSE CVE-2024-47825

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSe...

CVSS 8.7 · AI score 6.8 · EPSS 0.00305
Exploits 0 · References 5
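The Cilium entry above says a deny rule for a prefix broader than /32 may be ignored when another rule references a narrower prefix. The following is an added example, not Cilium's code and not a claim about how its datapath is implemented: a small IPv4 CIDR policy model that shows the intended precedence (a matching deny wins regardless of how narrow a competing allow is) next to a hypothetical longest-prefix-match evaluator, which exhibits the observable symptom the advisory describes. The rule shape, the helpers ipv4ToInt, cidrContains and prefixLen, the two evaluators and SAMPLE_RULES are all this example's own.

```javascript
// Added example, not Cilium's code: a simplified model of CIDR rule precedence.

function ipv4ToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function prefixLen(cidr) {
  const lenStr = cidr.split('/')[1];
  const len = lenStr === undefined ? 32 : Number(lenStr);
  if (!Number.isInteger(len) || len < 0 || len > 32) throw new Error(`bad prefix length: ${cidr}`);
  return len;
}

// True if `ip` falls inside `cidr` (a bare address is treated as /32).
function cidrContains(cidr, ip) {
  const len = prefixLen(cidr);
  const base = cidr.split('/')[0];
  const mask = len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
  return ((ipv4ToInt(base) & mask) >>> 0) === ((ipv4ToInt(ip) & mask) >>> 0);
}

// Intended semantics: any matching deny wins; otherwise any matching allow
// permits; otherwise default deny. Prefix width plays no role in precedence.
function evaluateDenyFirst(rules, ip) {
  const matching = rules.filter((r) => cidrContains(r.cidr, ip));
  if (matching.some((r) => r.action === 'deny')) return 'deny';
  if (matching.some((r) => r.action === 'allow')) return 'allow';
  return 'deny';
}

// Hypothetical comparison only: an evaluator that lets the most specific
// matching rule decide. A narrower allow then shadows a broader deny, which
// is the symptom the advisory warns about.
function evaluateLongestPrefix(rules, ip) {
  let best = null;
  for (const r of rules) {
    if (!cidrContains(r.cidr, ip)) continue;
    if (best === null || prefixLen(r.cidr) > prefixLen(best.cidr)) best = r;
  }
  return best ? best.action : 'deny';
}

// Constructed policy: deny a whole /24, but a narrower allow for one host in it.
const SAMPLE_RULES = [
  { action: 'deny',  cidr: '10.0.1.0/24' },
  { action: 'allow', cidr: '10.0.1.42/32' },
  { action: 'allow', cidr: '10.0.2.0/24' },
];
```

When validating a policy engine after a fix like this one, the useful regression test is exactly the constructed case: a broad deny plus a narrower allow inside it, with the expectation that the deny still holds for the narrower host.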
Positive Technologies
added 2024/10/25 12:00 a.m. · 3 views

PT-2024-11555 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for an Account Takeover via a POST request to "/profile/updateProfile" using the userId and email parameters. Authentication is required to exploit this issue. Recommendation...

CVSS 9.8 · AI score 6.6 · EPSS 0.00126
Exploits 1 · References 4
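The OvalEdge entry above describes an authenticated account takeover through a profile-update POST that accepts both a userId and an email. The following is an added example, not OvalEdge's code, showing the general shape of that bug (the handler trusts the caller-supplied userId) beside a hardened handler that takes the principal from the session and restricts which fields a body may change. The in-memory store, the session shape, SELF_EDITABLE_FIELDS, updateProfileUnsafe and updateProfileSafe are this example's own, and the accounts are constructed.

```javascript
// Added example, not OvalEdge's code: an IDOR-style profile update and its fix.

// Constructed user store; a fresh copy per call so tests do not share state.
function makeStore() {
  return new Map([
    [1, { id: 1, email: 'alice@example.test', role: 'user' }],
    [2, { id: 2, email: 'bob@example.test',   role: 'user' }],
    [9, { id: 9, email: 'admin@example.test', role: 'admin' }],
  ]);
}

// Vulnerable pattern: the target account is whatever userId the body names.
function updateProfileUnsafe(store, session, body) {
  if (!session || !session.userId) return { status: 401 };
  const target = store.get(Number(body.userId));
  if (!target) return { status: 404 };
  target.email = body.email; // any logged-in user can rewrite any account's email
  return { status: 200, user: target };
}

// Hardened pattern: the principal comes from the session; a body may only
// carry fields the caller is allowed to change; editing someone else's
// account is an explicit, separately authorised path rather than the default.
const SELF_EDITABLE_FIELDS = new Set(['email', 'displayName']);

function updateProfileSafe(store, session, body) {
  if (!session || !session.userId) return { status: 401 };
  const actor = store.get(session.userId);
  if (!actor) return { status: 401 };

  const requestedId = body.userId === undefined ? actor.id : Number(body.userId);
  if (requestedId !== actor.id && actor.role !== 'admin') {
    return { status: 403 }; // body names a different account and caller is not an admin
  }
  const target = store.get(requestedId);
  if (!target) return { status: 404 };

  for (const [field, value] of Object.entries(body)) {
    if (field === 'userId') continue;
    if (!SELF_EDITABLE_FIELDS.has(field)) {
      return { status: 400, error: `field not editable: ${field}` }; // e.g. role
    }
    target[field] = value;
  }
  // In a real service an email change should also trigger re-verification of
  // the new address before it becomes usable for login or password reset.
  return { status: 200, user: target };
}
```

The important difference is not the extra status codes but where the identity comes from: in the safe handler nothing the client sends can change which account is the actor, so a body that names another userId is either refused or handled under an admin authorisation decision that is visible in the code.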
Positive Technologies
added 2024/04/09 12:00 a.m. · 4 views

PT-2024-4869 · Tenda · Tenda Fh1202

Name of the Vulnerable Software and Affected Versions: Tenda F1202 version 1.2.0.20408 Description: A critical issue has been found in the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to a stack-based buffer overflow. The...

CVSS 9 · AI score 8.8 · EPSS 0.00423
Exploits 1 · References 10
Positive Technologies
added 2023/12/31 12:00 a.m. · 3 views

PT-2023-8245 · Totolink · Totolink T6

Name of the Vulnerable Software and Affected Versions: Totolink T6 version 4.1.9cu.5241 B20210923 Description: A critical issue has been found in the Totolink T6 mesh system, related to a buffer overflow when handling the v41 parameter in the /cgi-bin/cstecgi.cgi?action=login API endpoint. This c...

CVSS 10 · AI score 9.8 · EPSS 0.00468
Exploits 1 · References 8
Positive Technologies
added 2023/01/25 12:00 a.m. · 3 views

PT-2023-1338

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.5.0-rc1 through 2.5.7; Argo CD version 2.6.0-rc4. Description: The issue is related to an authorization bypass bug in Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. This bug allows a malicious Argo CD...

CVSS 8.5 · AI score 8.6 · EPSS 0.00134
Exploits 0 · References 10
Positive Technologies
added 2022/06/14 12:00 a.m. · 5 views

PT-2022-3474 · Schneider Electric · Conext Combox

Name of the Vulnerable Software and Affected Versions: Conext ComBox, all versions. Description: A Cross-Site Request Forgery (CSRF) issue exists, potentially allowing an attacker to override system configurations and cause a reboot loop through a specially crafted POST request. This could lead to a...

CVSS 7.8 · AI score 6.7 · EPSS 0.00125
Exploits 0 · References 5
Trellix
added 2022/06/03 12:00 a.m. · 74 views

Trellix Global Defenders: Follina — Microsoft Office Zero-Day (CVE-2022-30190)

By Taylor Mullins, Robin Noyce, Benjamin Marandel · June 3, 2022. Trellix is continuing to monitor the threat activity associated with the Microsoft Office Zero-Day vulnerability that has been dubbed “Follina.”...

CVSS 9.3 · AI score 9 · EPSS 0.93596
Exploits 61
RedHat Linux
added 2022/05/18 10:56 a.m. · 3 views

gradle: repository content filters do not work in Settings pluginManagement

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...

CVSS 8 · AI score 5.7 · EPSS 0.00557
Exploits 1 · References 4