Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted ne...
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the ...
NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries
Waku has an Open Redirect via `unstable_redirect` Helper
Waku: Cross-Origin CSRF on RSC Server Action Dispatch
Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE
DSpace: Path Traversal is possible through LDN message generation
DSpace: ORE resource URI does not validate scheme for non-web resources
DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path
DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE
async-tar PAX extension-header desync enables tar entry/content smuggling
Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding โ chunked / HTTP/2 requests
`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes
Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.
Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.