CVE-2025-65113
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 – #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos,...
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables...
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or...
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows. This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0. More information: https://devolutions.net/security/advisories/DEVO-2025-0017/
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. More information: https://github.com/yawkat/lz4-java/releases/tag/v1.8.1
Plaintext credential disclosure via the MONITOR command in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue. More information...
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue. More information: https://lists.apache.org/thread/dlbz5hmm4ts3npzqnvhofxmqg9w9zt0o
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. More information: https://gist.github.com/ikpehlivan/4361fa808e04d884e4771be88e891ec2
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. More information: https://gist.github.com/ikpehlivan/4361fa808e04d884e4771be88e891ec2
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. More information: https://gist.github.com/ikpehlivan/4361fa808e04d884e4771be88e891ec2
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. More information: https://gist.github.com/ikpehlivan/4361fa808e04d884e4771be88e891ec2
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although...
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic...
Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33. More information: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A8107&LanguageCode=en&DocumentPartId=&Action=Launch