Medium
CVSS: 5.3
A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The atta…
Medium
CVSS: 5.3
ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.he…
Medium
CVSS: 6.9
The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string terminatio…
Medium
CVSS: 6.9
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.
High
CVSS: 7.7
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
High
CVSS: 8.7
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.