Summary: matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to client ...
June 10, 2025
Impact: OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access ...
June 10, 2025
Impact: GeoNetwork WFS Index functionality is affected by GeoTools XML External Entity (XXE) vulnerability during schema validation. This vulnerability is particularly severe as the REST API endpoint ...
June 10, 2025
Summary: It is possible to bypass the default REST API security and access the index page. Details: The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). ...
June 10, 2025
Impact: Files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL ...
June 10, 2025
Impact: What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the ...
June 10, 2025
An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view un ...
June 10, 2025
creation_timestamp | type | source
---|---|---
2025-06-10 17:51:37+00:00 | seen | ...

June 10, 2025