SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false. More information : https://github.com/typeorm/typeorm/pull/11574
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses....
Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent...
Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of...
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object...
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document...
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract() function did not perform sufficient sanitization of input data before wrapping in...
A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection. More information : https://github.com/xmqaq/cve/issues/2
Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL. More information : https://github.com/D7EAD
An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request. More information : https://medium.com/@sulaimanalabduli/title-817c6346ac65
Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16. More information : https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025
Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins...
Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. More information : https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3560
Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller...