
21 matches found

RedhatCVE
added 2026/01/09 9:35 a.m. · 1 view

CVE-2024-34713

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to an SSH server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...

CVSS 3.5 · AI score 6.8 · EPSS 0.00353
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-7254

Malware in sbrugna...

CVSS 5.3 · AI score 6.4 · EPSS 0.00234
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-1631

Malicious code in bioql PyPI...

CVSS 8.4 · AI score 8.1 · EPSS 0.00338
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-31328

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00537
Exploits 1 · References 7

CVE
added 2025/07/16 1:34 p.m. · 11 views

CVE-2025-53840

Icinga DB Web contains an exposure in versions 1.2.0–1.2.1 where users with access to Dependency Views could see hosts and services they should not, due to improper access control on dependency views (filter/hosts and filter/services). The object name is not revealed and access to a host or servi...

CVSS 2.4 · AI score 6.4 · EPSS 0.00239
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/07/02 12:0 a.m. · 1 view

PT-2025-27643 · Unknown · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.9.8 through 2.9.10. Description: The issue occurs when an empty XML tag is encountered, causing a segmentation fault. This happens if SecParseXmlIntoArgs is set to On or OnlyArgs, the request type is application/xml, and...

CVSS 6.5 · AI score 9.3 · EPSS 0.00235
Exploits 0 · References 16

Positive Technologies
added 2025/05/25 12:0 a.m. · 2 views

PT-2025-22859 · Unknown · Funaudiollm Inspiremusic

Name of the Vulnerable Software and Affected Versions: FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. Description: A critical issue was found in the function load state dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. This issue leads to...

CVSS 5.3 · AI score 5.1 · EPSS 0.00208
Exploits 0 · References 13

Positive Technologies
added 2025/05/07 12:0 a.m. · 1 view

PT-2025-20062 · Samsung · Samsung Notes

Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.29.23. Description: The issue concerns the use of implicit intent for sensitive communication in translation, allowing local attackers to obtain sensitive information. User interaction is required to trigger...

CVSS 3.3 · AI score 6 · EPSS 0.00072
Exploits 0 · References 6

RedhatCVE
added 2025/04/25 5:18 p.m. · 2 views

CVE-2025-32956

ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8 are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix namespace name, which is the current namespace you are renaming with an injection...

CVSS 8 · AI score 7.7 · EPSS 0.00088
Exploits 1 · References 1

OSV
added 2025/04/22 4:59 p.m. · 5 views

GHSA-88H5-34XW-2Q56 XSS in the /files Endpoint of the Generic REST API

Impact: The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...

CVSS 6.4 · AI score 6.7 · EPSS 0.00189
Exploits 0 · References 7

RedhatCVE
added 2025/02/05 7:38 p.m. · 5 views

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

CVSS 8.1 · AI score 7.2 · EPSS 0.00153
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 4:48 a.m. · 10 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8 · AI score 8.3 · EPSS 0.94425
Exploits 24 · References 1

CVE
added 2024/12/19 7:15 p.m. · 62 views

CVE-2024-49765

CVE-2024-49765 affects Discourse where sites enabling Discourse Connect alongside local login methods could allow an attacker to bypass Discourse Connect to create accounts and log in. The issue is described as a bypass of login paths rather than a remote exploit; affected component is the Discou...

CVSS 9.1 · AI score 5.3 · EPSS 0.00181
Exploits 0 · References 1 · Affected Software 1

Citrix
added 2024/12/07 12:0 a.m. · 4 views

Image Preparation fails using MCS on GCP due to Google's deprecated images disk export workflow

Symptoms or Error: Customers cannot create new catalogs or update the images of existing catalogs. Solution: Citrix is currently working on a fix. Workaround: Customers can update the json files to use a newer image and script. Below is the step-by-step process. There are 2 options to update the...

AI score 7
Exploits 0

Positive Technologies
added 2024/08/08 12:0 a.m. · 1 view

PT-2024-38380 · Microchip Technology · Microchip Advanced Software Framework

Name of the Vulnerable Software and Affected Versions: Microchip Advanced Software Framework versions through 3.52.0.2574. Description: The issue is related to an Improper Input Validation vulnerability in the Microchip Technology Advanced Software Framework example DHCP server, which can cause...

CVSS 9.8 · AI score 8.1 · EPSS 0.11734
Exploits 0 · References 35

Positive Technologies
added 2024/06/25 12:0 a.m. · 2 views

PT-2024-28053 · Pdoc +1 · Pdoc +1

Name of the Vulnerable Software and Affected Versions: pdoc versions prior to 14.5.1. Description: The issue arises from documentation generated with pdoc --math being linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce...

CVSS 7.2 · AI score 9.2 · EPSS 0.82871
Exploits 0 · References 22

Positive Technologies
added 2023/10/25 12:0 a.m. · 1 view

PT-2023-30079 · Totolink · Totolink X2000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web. Description: A stack overflow issue was discovered in the function formSetLg. Recommendations: For version 1.0.0-B20230221.0948.web, as a temporary workaround, consider disabling the formSet...

CVSS 9.8 · AI score 9.6 · EPSS 0.00244
Exploits 1 · References 3

Positive Technologies
added 2021/02/08 12:0 a.m. · 1 view

PT-2021-14403 · Dynamoose · Dynamoose

Name of the Vulnerable Software and Affected Versions: Dynamoose versions 2.0.0 through 2.6.0. Description: Dynamoose is an open-source modeling tool for Amazon's DynamoDB. A prototype pollution vulnerability was found in the internal utility method lib/utils/object/set.ts, which is used throughou...

CVSS 9.8 · AI score 9.4 · EPSS 0.00637
Exploits 0 · References 10

securityvulns
added 2013/06/04 12:0 a.m. · 41 views

KDE Paste Applet

The paste applet included with kdeplasma-addons allows you to define macros that will copy some generated data into the clipboard, using simple macros to define the source and format of the data. The available macros include password... which generates "random" passwords. Here is the code that...

Exploits 0

Tenable Nessus
added 2004/08/30 12:0 a.m. · 27 views

GLSA-200405-23 : Heimdal: Kerberos 4 buffer overflow in kadmin

The remote host is affected by the vulnerability described in GLSA-200405-23 (Heimdal: Kerberos 4 buffer overflow in kadmin). A buffer overflow was discovered in kadmind, a server for administrative access to the Kerberos database. Impact: By sending a specially formatted message to kadmind, a remo...

CVSS 10 · AI score 6 · EPSS 0.22372
Exploits 0 · References 3