EUVD-2021-0458
Malware in sbrugna...
EUVD-2024-30454
Malicious code in bioql PyPI...
Suricata < 7.0.11 DoS
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...
CVE-2025-54410
CVE-2025-54410 affects Moby (Docker Engine, Mirantis Container Runtime, and downstreams). A firewalld-related issue causes Docker to fail to re-create iptables rules that isolate bridge networks when firewalld reloads, allowing containers to reach ports across bridge networks on the same host. Th...
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Impact: Using the /locales/locale.json endpoint with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used t...
PT-2025-25021 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...
PT-2025-24432
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.4; Discourse version 3.5.0.beta5 and earlier of the beta branch; Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch. Description: The issue concerns HTML injection in email bodies when the topi...
CVE-2024-32664
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...
CVE-2021-29502
WarnSystem is a cog plugin for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...
CVE-2017-6736
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...
CVE-2025-32792
CVE-2025-32792 affects SES’s isolation in the Compartment API. Before 1.12.0, web pages/extensions that used top-level const/let/class bindings in scripts could leak those bindings into the lexical scope of evaluated third-party code. The issue is fixed in SES 1.12.0; mitigations include avoiding...
"SharePoint Server backup is not configured for this organization."
Challenge: A SharePoint backup job in Veeam Data Cloud for Microsoft 365 fails with the following error: "SharePoint Server backup is not configured for this organization." Note: This error occurs despite SharePoint being correctly configured in Microsoft 365. Cause: The issue occurs for specific...
Cilium node based network policies may incorrectly allow workload traffic
Impact: Node-based network policies (fromNodes and toNodes) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in the fromNodes and toNodes sections of network policies. Node-based network policy is disabled by default in Cilium. Patches: This issue was fixed by...
GHSA-V432-7F47-9G94 PostQuantum-Feldman-VSS's Dependency Vulnerability in gmpy2 Leading to Interpreter Crash
Description: PostQuantum-Feldman-VSS, a Python library implementing Feldman's Verifiable Secret Sharing scheme with post-quantum security, was vulnerable to denial-of-service attacks in versions up to and including 0.7.6b0. This vulnerability stems from the library's reliance on the gmpy2 library...
CVE-2025-21626
GLPI is an asset/IT management product vulnerable up to version 10.0.18 due to an anonymous user able to fetch sensitive data from status.php. The issue is fixed in 10.0.18; mitigations include deleting status.php, restricting access, or sanitizing sensitive values in LDAP directories and related...
CVE-2025-25300
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking the smartbanner View link and navigating to a third-party page leaves window.opener exposed. It may allow hostile third parties to abuse window.opener, e.g. by redirection or injection on the...
CVE-2022-29186
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote hosts, those hosts...
CVE-2025-24363
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
CVE-2025-24034 Himmelblau leaks credentials in the debug log
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2024-2934)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and...