Category: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Aboobacker.–AB Google Map Travel  Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Aboobacker.–AB Google Map Travel  Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a   Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Synology–Unified Controller (DSMUC)  Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Synology–Unified Controller (DSMUC)  Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client  Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client  Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a–n/a …

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a–n/a …

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info jupyterhub–ltiauthenticator  `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn’t validating JWT signatures. This is believed to allow the LTI13Authenticator…

Read more →