Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/03/05 12:35 a.m.17 views

zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:33 a.m.16 views

Parse Server's Cloud Hooks and Cloud Jobs bypass `readOnlyMasterKey` write restriction

Impact Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is documented to deny all write operations. However, some endpoints incorrectly accept the readOnlyMasterKey for mutating operations. This allows a caller who only holds the readOnlyMasterKey to...

8.6CVSS5.9AI score0.0038EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:32 a.m.10 views

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...

7.1CVSS5.9AI score0.00517EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.9 views

Duplicate Advisory: HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hj7x-879w-vrp7. This link is maintained to preserve external references. Original Description An HTTP Request Smuggling vulnerability CWE-444 has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding...

9.3CVSS5.9AI score0.00707EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.10 views

Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.8 views

Duplicate Advisory: Cache poisoning via insecure-by-default cache key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f93w-pcj3-rggc. This link is maintained to preserve external references. Original Description A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.10 views

pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...

9.3CVSS5.9AI score0.05856EPSS
Exploits17References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:27 a.m.9 views

Multer Vulnerable to Denial of Service via Uncontrolled Recursion

Impact A vulnerability in Multer versions 2.1.1 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing stack overflow. Patches Users should upgrade to 2.1.1 Workarounds None Resources -...

8.7CVSS5.9AI score0.00713EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:26 a.m.10 views

Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

6.5CVSS6AI score0.00504EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:23 a.m.9 views

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires: - The ability to register a template in the catalog - A victim who executes the malicious template Patches Patched in...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:20 a.m.6 views

Backstage vulnerable to potential reading of SCM URLs using built in token

Impact A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...

2.7CVSS5.9AI score0.00348EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:16 a.m.9 views

eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write

Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...

5.5CVSS6.2AI score0.00237EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:12 a.m.19 views

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

9.8CVSS6.2AI score0.00782EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 12:10 a.m.14 views

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows

This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...

8CVSS6AI score0.00472EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 10:59 p.m.15 views

SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)

Summary SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file 811 bytes stalling the application and even crashing the Node.js process with JavaScript heap out of memory. Details The upstream XML parser sax doesn't interpr...

7.5CVSS6AI score0.00612EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 10:53 p.m.5 views

ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover

Summary A vulnerability in Zitadel's login V2 interface was discovered, allowing for possible account takeover. Impact Zitadel allows organization administrators to change the default redirect URI for their organization. This setting enables them to redirect users to an arbitrary location after...

7.7CVSS6.2AI score0.00318EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/04 10:51 p.m.5 views

ZITADEL: Login V2 UI Policy Bypass Allows Unauthorized Self-Registration and Authentication

Summary A vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their organizaton. Impact Zitadel enables administrators to configure their...

8.2CVSS5.9AI score0.00312EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/04 10:47 p.m.8 views

ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint

Summary A vulnerability was discovered in Zitadel's login V2 interface that allowed a possible account takeover. Impact Zitadel exposes an HTTP endpoint named /saml-post. This endpoint is used for handling requests to SAML IdPs and accepts two HTTP GET parameters: url and id. When these parameter...

9.3CVSS6.5AI score0.00402EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/04 10:38 p.m.9 views

File Browser's TUS Delete Endpoint Bypasses Delete Permission Check

Summary A broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrato...

9.1CVSS6.2AI score0.00487EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 10:9 p.m.7 views

Netmaker Vulnerable to Denial of Service via Server Shutdown Endpoint

The /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals...

8.7CVSS5.9AI score0.00331EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:45 p.m.7 views

SiYuan: Unauthenticated Reflected XSS via SVG Injection in /api/icon/getDynamicIcon Endpoint

Summary An unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint: - GET /api/icon/getDynamicIcon When type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoint is unauthenticated and returns image/svg+xml, a crafted URL ca...

9.3CVSS6.1AI score0.00625EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:32 p.m.12 views

NLTK has a Path Traversal issue

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

8.6CVSS7.8AI score0.00924EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:31 p.m.9 views

Fickling missing RCE-capable modules in UNSAFE_IMPORTS

Assessment The modules uuid, osxsupport and aixsupport were added to the blocklist of unsafe imports https://github.com/trailofbits/fickling/commit/ffac3479dbb97a7a1592d85991888562d34dd05b. Original report Summary fickling's UNSAFEIMPORTS blocklist is missing at least 3 stdlib modules that provid...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:30 p.m.8 views

Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

Assessment The missing pickle entrypoints pickle.loads, pickle.loads, and pickle.load were added to the hook https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report Summary fickling.alwayschecksafety does not hook all pickle entry points...

6.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:28 p.m.6 views

changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

9.3CVSS6.1AI score0.00527EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:28 p.m.58 views

Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

9.8CVSS5.8AI score0.00978EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:23 p.m.22 views

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint default: 500 defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...

8.7CVSS5.8AI score0.00552EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:19 p.m.4 views

traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)

Impact There is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/1.1 requests, the protection put in place to prevent the removal of Traefik-managed X-Forwarded headers such as X-Real-Ip, X-Forwarded-Host, X-Forwarded-Port,...

9.8CVSS6AI score0.01513EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/04 9:7 p.m.6 views

`time_calibrators` was removed from crates.io due to malicious code

The timecalibrators crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-03 approximately 3 hours before removal and had no evidence of actual downloads. There were no crates...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:5 p.m.6 views

Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Summary This vulnerability exists in Nuclio's Shell Runtime component, allowing attackers with function invocation permissions to inject malicious commands via HTTP request headers, execute arbitrary code with root privileges in function containers, steal ServiceAccount Tokens with cluster-admin...

9.8CVSS6.4AI score0.02359EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:59 p.m.8 views

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()

Summary - The changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification. - XPath 3.0 includes the unparsed-text function...

9.3CVSS6AI score0.00484EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:58 p.m.82 views

changedetection.io has Reflected XSS in its RSS Tag Error Response

A reflected cross-site scripting XSS vulnerability was identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the browser...

6.1CVSS5.8AI score0.00282EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:55 p.m.9 views

Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification

Summary After upgrading the library from 1.5.2 to 1.6.0 and the latest 1.6.5 it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was...

9.8CVSS6AI score0.00425EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:55 p.m.7 views

Lemmy has unauthenticated SSRF via file_type query parameter injection in image endpoint

Summary The GET /api/v4/image/filename endpoint is vulnerable to unauthenticated SSRF through parameter injection in the filetype query parameter. An attacker can inject arbitrary query parameters into the internal request to pict-rs, including the proxy parameter which causes pict-rs to fetch...

8.7CVSS6.1AI score0.00272EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:52 p.m.8 views

Craft CMS has unauthenticated activation email trigger with potential user enumeration

The actionSendActivationEmail endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the...

6.9CVSS6.1AI score0.00273EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:44 p.m.5 views

`time_calibrator` was removed from crates.io due to malicious code

It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:43 p.m.8 views

Kimai's API invoice endpoint missing customer-level access control (IDOR)

Summary GET /api/invoices/id only checks the role-based viewinvoice permission but does not verify the requesting user has access to the invoice's customer. Any user with ROLETEAMLEAD which grants viewinvoice can read all invoices in the system, including those belonging to customers assigned to...

6.5CVSS5.9AI score0.00399EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:33 p.m.9 views

IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Impact An attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it ...

8.1CVSS5.9AI score0.00427EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:19 p.m.15 views

locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection

Details A Remote Code Execution RCE flaw was discovered in the locutus project v2.0.39, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...

8.1CVSS6.2AI score0.00786EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:18 p.m.7 views

lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints

Summary The GET /1.0/certificates endpoint non-recursive mode returns URLs containing fingerprints for all certificates in the trust store, bypassing the per-object canview authorization check that is correctly applied in the recursive path. Any authenticated identity — including restricted,...

5.3CVSS5.8AI score0.00141EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:16 p.m.8 views

neqo-qpack has iInteger overflow in qpack dynamic table indexing

Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:14 p.m.13 views

Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher

Summary In the test environment, it was confirmed that an authenticated regular user can specify another user’s cipherid and call: PUT /api/ciphers/id/partial Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes...

5.4CVSS6AI score0.00167EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:13 p.m.9 views

Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role

Summary Testing confirmed that even when a Manager has manage=false for a given collection, they can still perform the following management operations as long as they have access to the collection: PUT /api/organizations//collections/ succeeds HTTP 200 PUT /api/organizations//collections//users...

8.3CVSS5.9AI score0.00287EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:7 p.m.12 views

Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager

Summary A Manager account accessall=false was able to escalate privileges by directly invoking the bulk-access API against collections that were not originally assigned to them. The API allowed changing assigned=false to assigned=true, resulting in unauthorized access. Additionally, prior to the...

8.3CVSS6AI score0.00293EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:6 p.m.11 views

Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...

6CVSS5.9AI score0.0026EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 8:5 p.m.6 views

@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

Summary When using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed without authorization. In particular, paths containing encoded slashes %2F may be...

7.5CVSS6AI score0.00327EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 7:49 p.m.8 views

Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Summary The setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 7:48 p.m.4 views

Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()

Summary When using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 7:48 p.m.9 views

Hono vulnerable to arbitrary file access via serveStatic vulnerability

Summary When using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowe...

9.8CVSS6AI score0.00437EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 7:44 p.m.4 views

OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty

Summary BlueBubbles is an optional OpenClaw channel plugin. A configuration-sensitive access-control mismatch allowed DM senders to be treated as authorized when dmPolicy was pairing or allowlist and allowFrom was empty/unset. Severity Rationale Medium Severity is set to medium because: - this...

6.5CVSS5.9AI score0.00255EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities33227