Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in url.c, when negotiating an HTTP or HTTPS connection. An attacker can gain unauthorized access to resources or perform actions with the privileges of another user by forcing the reuse of an...
CVE-2022-31072
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...
CVE-2022-31071
Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...
EUVD-2021-2493
Malware in sbrugna...
EUVD-2022-5885
Malicious code in bioql PyPI...
EUVD-2023-49453
Malicious code in bioql PyPI...
EUVD-2024-29873
Malicious code in bioql PyPI...
EUVD-2021-8703
Malicious code in bioql PyPI...
EUVD-2024-2923
Malicious code in bioql PyPI...
EUVD-2025-3603
Malicious code in bioql PyPI...
EUVD-2023-39917
Malicious code in bioql PyPI...
EUVD-2023-2313
Malicious code in bioql PyPI...
EUVD-2022-52728
Malicious code in bioql PyPI...
EUVD-2022-0495
Malicious code in bioql PyPI...
Fedora 42 : cloud-init (2025-b93ee7b368)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b93ee7b368 advisory. Backport fixes for CVE-2024-6174 and CVE-2024-11584 - cloud-init included the systemd socket unit cloud-init-hotplugd.socket with default SocketMode...
PT-2025-31437
Name of the Vulnerable Software and Affected Versions OAuth2-Proxy versions 7.10.0 and earlier Description OAuth2-Proxy deployments using the skip auth routes configuration option with regex patterns are vulnerable to authentication bypass. Attackers can craft URLs with malicious query parameters...
Security Bulletin: Erlang/OTP Vulnerability in KEX Init Handling May Lead to High Memory Usage
Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify RFC-specified limits on algorithm names: 64 characters...
CVE-2025-53538
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. Patches In OpenBao v2.2.2 and later, manually setting the configuration option disableunauthedrekeyendpoints=true...
CVE-2025-49013 WilderForge vulnerable to Code Injection via GitHub Actions Workflows
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of $ github.event.review.body and other user controlled variables directly inside shell script contexts in GitHub...