Bugs with TODO items

| Bug | Description | Note |
|---|---|---|
| CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update |
| CVE-2016-20023 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users c ... | check |
| CVE-2019-25338 | DokuWiki 2018-04-22b contains a username enumeration vulnerability in ... | check upstream status |
| CVE-2019-25355 | gSOAP 2.8 contains a directory traversal vulnerability that allows una ... | check upstream status |
| CVE-2019-25498 | Simple Job Script contains an SQL injection vulnerability that allows ... | check |
| CVE-2019-25499 | Simple Job Script contains an SQL injection vulnerability that allows ... | check |
| CVE-2019-25500 | Simple Job Script contains an SQL injection vulnerability that allows ... | check |
| CVE-2019-25501 | Simple Job Script contains an SQL injection vulnerability that allows ... | check |
| CVE-2019-25502 | Simple Job Script contains a cross-site scripting vulnerability that a ... | check |
| CVE-2019-25503 | PHPads 2.0 contains an SQL injection vulnerability that allows unauthe ... | check |
| CVE-2019-25504 | NCrypted Jobgator contains an SQL injection vulnerability that allows ... | check |
| CVE-2019-25505 | Tradebox 5.4 contains an SQL injection vulnerability that allows authe ... | check |
| CVE-2019-25506 | FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerabili ... | check |
| CVE-2019-25507 | Ashop Shopping Cart Software contains an SQL injection vulnerability t ... | check |
| CVE-2020-36968 | M/Monit 3.7.4 contains an authentication vulnerability that allows aut ... | check, unclear upstream status |
| CVE-2020-36969 | M/Monit 3.7.4 contains a privilege escalation vulnerability that allow ... | check, unclear upstream status |
| CVE-2020-37011 | Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability tha ... | check, unclear upstream status. Doesn't reproduce with the version in trixie |
| CVE-2020-37038 | Code Blocks 20.03 contains a denial of service vulnerability that allo ... | check, possibly just DoS of application and unimportant |
| CVE-2020-37040 | Code Blocks 17.12 contains a local buffer overflow vulnerability that ... | check, might be Windows specific issue |
| CVE-2020-37167 | ClamAV versions prior to 0.103.0-rc contain a vulnerability in functio ... | check upstream status |
| CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details |
| CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow ... | check |
| CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may fo ... | check |
| CVE-2021-35483 | The Applications component of Nokia IMPACT version through 19.11.2.10- ... | check |
| CVE-2021-35484 | Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authentica ... | check |
| CVE-2021-35485 | The Applications component of Nokia IMPACT version through 19.11.2.10- ... | check |
| CVE-2021-35486 | A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT thro ... | check |
| CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check |
| CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client |
| CVE-2022-50942 | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream |
| CVE-2023-20514 | Improper handling of parameters in the AMD Secure Processor (ASP) coul ... | check |
| CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check |
| CVE-2023-20601 | Improper input validation within RAS TA Driver can allow a local attac ... | check |
| CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected |
| CVE-2023-31044 | An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impac ... | check |
| CVE-2023-31313 | An unintended proxy or intermediary in the AMD power management firmwa ... | check |
| CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check |
| CVE-2023-31364 | Improper handling of direct memory writes in the input-output memory m ... | check |
| CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path |
| CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked |
| CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected |
| CVE-2024-4027 | A flaw was found in Undertow. Servlets using a method that calls HttpS ... | check details |
| CVE-2024-21953 | Improper input validation in IOMMU could allow a malicious hypervisor ... | check |
| CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook? |
| CVE-2024-36310 | Improper input validation in the SMM communications buffer could allow ... | check |
| CVE-2024-36311 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ... | check |
| CVE-2024-36316 | The integer overflow vulnerability within AMD Graphics driver could al ... | check |
| CVE-2024-36324 | Improper input validation in AMD Graphics Driver could allow an attack ... | check |
| CVE-2024-54192 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial ... | check |
| CVE-2024-55019 | Incorrect access control in the component download_wb.cgi of Weintek c ... | check |
| CVE-2024-55020 | A command injection vulnerability in the DHCP activation feature of We ... | check |
| CVE-2024-55021 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to co ... | check |
| CVE-2024-55022 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to co ... | check |
| CVE-2024-55023 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to co ... | check |
| CVE-2024-55024 | An authentication bypass vulnerability in the authorization mechanism ... | check |
| CVE-2024-55025 | Incorrect access control in the VNC component of Weintek cMT-3072XH2 e ... | check |
| CVE-2024-55026 | An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v ... | check |
| CVE-2024-55027 | Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to st ... | check |
| CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table ( ... | check |
| CVE-2025-0029 | Improper handling of error condition during host-induced faults can al ... | check |
| CVE-2025-0031 | A use after free in the SEV firmware could allow a malicious hypervisor ... | check |
| CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced |
| CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead |
| CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes |
| CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue. |
| CVE-2025-12801 | A vulnerability was recently discovered in the rpc.mountd daemon in th ... | check |
| CVE-2025-14905 | A flaw was found in the 389-ds-base server. A heap buffer overflow vul ... | check details |
| CVE-2025-15558 | Docker CLI for Windows searches for plugin binaries in C:\ProgramData\ ... | check |
| CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check |
| CVE-2025-15598 | A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts ... | check |
| CVE-2025-15599 | DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross- ... | check |
| CVE-2025-29939 | Improper access control in secure encrypted virtualization (SEV) could ... | check |
| CVE-2025-29946 | Insufficient or Incomplete Data Removal in Hardware Component in SEV f ... | check |
| CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) f ... | check |
| CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization ... | check |
| CVE-2025-40894 | A Stored HTML Injection vulnerability was discovered in the Alerted No ... | check |
| CVE-2025-40895 | A Stored HTML Injection vulnerability was discovered in the CMC's Sens ... | check |
| CVE-2025-40896 | The server certificate was not verified when an Arc agent connected to ... | check |
| CVE-2025-52365 | A command injection vulnerability in the szc script of the ccurtsinger ... | check |
| CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check |
| CVE-2025-59783 | API endpoint for user synchronization in 2N Access Commander version 3 ... | check |
| CVE-2025-59784 | 2N Access Commander version 3.4.1 and prior is vulnerable to log pollu ... | check |
| CVE-2025-59785 | Improper validation of API end-point in 2N Access Commander version 3. ... | check |
| CVE-2025-59786 | 2N Access Commander version 3.4.2 and prior improperly invalidates ses ... | check |
| CVE-2025-59787 | 2N Access Commander application version 3.4.2 and prior returns HTTP 5 ... | check |
| CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream |
| CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream |
| CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream |
| CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check |
| CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status |
| CVE-2025-62879 | A vulnerability has been identified within the Rancher Backup Operator ... | check |
| CVE-2025-65102 | PJSIP is a free and open source multimedia communication library. Prio ... | check, might affect asterisk and ring |
| CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream |
| CVE-2025-66168 | Apache ActiveMQ does not properly validate the remaining length field ... | check |
| CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check |
| CVE-2025-66678 | An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware ... | check |
| CVE-2025-66944 | SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before ... | check |
| CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream |
| CVE-2025-69969 | A lack of authentication and authorization mechanisms in the Bluetooth ... | check |
| CVE-2025-70341 | Insecure permissions in App-Auto-Patch v3.4.2 create a race condition ... | check |
| CVE-2025-70342 | erase-install prior to v40.4 commit 2c31239 writes swiftDialog credent ... | check |
| CVE-2026-0708 | | check if impacts security wise rspamd, which embeds libucl and uses it at compile time |
| CVE-2026-0847 | A vulnerability in NLTK versions up to and including 3.9.2 allows arbi ... | check |
| CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv |
| CVE-2026-1775 | The Labkotec LID-3300IP has an existing vulnerability in the ice detec ... | check |
| CVE-2026-2746 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly ... | check |
| CVE-2026-2747 | SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PG ... | check |
| CVE-2026-2748 | SEPPmail Secure Email Gateway before version 15.0.1 improperly validat ... | check |
| CVE-2026-3054 | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impa ... | check, check upstream details |
| CVE-2026-3103 | A logic error in the remove_password() function in Checkmk GmbH's Chec ... | check |
| CVE-2026-3125 | A Server-Side Request Forgery (SSRF) vulnerability was identified in t ... | check |
| CVE-2026-3351 | Improper authorization in the API endpoint GET /1.0/certificates in Ca ... | check |
| CVE-2026-3520 | Multer is a node.js middleware for handling `multipart/form-data`. A v ... | check |
| CVE-2026-20001 | A vulnerability in the REST API of Cisco Secure FMC Software could all ... | check |
| CVE-2026-20002 | A vulnerability in the web-based management interface of Cisco Secure ... | check |
| CVE-2026-20003 | A vulnerability in the REST API of Cisco Secure FMC Software could all ... | check |
| CVE-2026-20005 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20008 | A vulnerability in a small subset of CLI commands that are used on Cis ... | check |
| CVE-2026-20009 | A vulnerability in the implementation of the proprietary SSH stack wit ... | check |
| CVE-2026-20013 | A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20014 | A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20015 | A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20018 | A vulnerability in the sftunnel functionality of Cisco Secure Firewall ... | check |
| CVE-2026-20020 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20021 | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive ... | check |
| CVE-2026-20022 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20023 | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive ... | check |
| CVE-2026-20024 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20025 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Soft ... | check |
| CVE-2026-20031 | A vulnerability in the HTML Cascading Style Sheets (CSS) module of Cla ... | check |
| CVE-2026-20039 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptiv ... | check |
| CVE-2026-20044 | A vulnerability in the lockdown mechanism of Cisco Secure Firewall Man ... | check |
| CVE-2026-20049 | A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypt ... | check |
| CVE-2026-20053 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20054 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20057 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20058 | Multiple Cisco products are affected by vulnerabilities in the Snort 3 ... | check |
| CVE-2026-20062 | A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security ... | check |
| CVE-2026-20065 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20066 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20067 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20068 | Multiple Cisco products are affected by a vulnerability in the Snort 3 ... | check |
| CVE-2026-20069 | A vulnerability in the VPN web services component of Cisco Secure Fire ... | check |
| CVE-2026-20070 | A vulnerability in the VPN web services component of Cisco Secure Fire ... | check |
| CVE-2026-20073 | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance ( ... | check |
| CVE-2026-20079 | A vulnerability in the web interface of Cisco Secure Firewall Manageme ... | check |
| CVE-2026-20082 | A vulnerability in the handling of the embryonic connection limits in ... | check |
| CVE-2026-20100 | A vulnerability in the LUA interpreter of the Remote Access SSL VPN fe ... | check |
| CVE-2026-20101 | A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco ... | check |
| CVE-2026-20102 | A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco ... | check |
| CVE-2026-20103 | A vulnerability in the Remote Access SSL VPN functionality of Cisco Se ... | check |
| CVE-2026-20105 | A vulnerability in the Remote Access SSL VPN functionality of Cisco Se ... | check |
| CVE-2026-20106 | A vulnerability in the Remote Access SSL VPN, HTTP management and MUS ... | check |
| CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure ... | check |
| CVE-2026-21866 | Dify is an open-source LLM app development platform. Prior to 1.11.2, ... | check |
| CVE-2026-22866 | Ethereum Name Service (ENS) is a distributed, open, and extensible nam ... | check |
| CVE-2026-24415 | OpenSTAManager is an open source management software for technical ass ... | check |
| CVE-2026-24732 | Files or Directories Accessible to External Parties, Incorrect Permiss ... | check |
| CVE-2026-25590 | The GLPI Inventory Plugin handles network discovery, inventory, softwa ... | check |
| CVE-2026-25701 | An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ... | check |
| CVE-2026-26200 | HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ... | check details, said to be fixed in 1.14.4-2 upstream |
| CVE-2026-26266 | AliasVault is a privacy-first password manager with built-in email ali ... | check |
| CVE-2026-26272 | HomeBox is a home inventory and organization system. Prior to 0.24.0-r ... | check |
| CVE-2026-26279 | Froxlor is open source server administration software. Prior to 2.3.4, ... | check |
| CVE-2026-26478 | A shell command injection vulnerability in Mobvoi Tichome Mini smart s ... | check |
| CVE-2026-26514 | An Argument Injection vulnerability exists in bird-lg-go before commit ... | check |
| CVE-2026-26673 | An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.050 ... | check |
| CVE-2026-27012 | OpenSTAManager is an open source management software for technical ass ... | check |
| CVE-2026-27441 | SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neu ... | check |
| CVE-2026-27442 | The GINA web interface in SEPPmail Secure Email Gateway before version ... | check |
| CVE-2026-27443 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly ... | check |
| CVE-2026-27444 | SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interp ... | check |
| CVE-2026-27445 | SEPPmail Secure Email Gateway before version 15.0.1 does not properly ... | check |
| CVE-2026-27446 | Missing Authentication for Critical Function (CWE-306) vulnerability i ... | check |
| CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check, introducing version |
| CVE-2026-27600 | HomeBox is a home inventory and organization system. Prior to 0.24.0-r ... | check |
| CVE-2026-27601 | Underscore.js is a utility-belt library for JavaScript. Prior to 1.13. ... | check |
| CVE-2026-27622 | OpenEXR provides the specification and reference implementation of the ... | check |
| CVE-2026-27641 | Flask-Reuploaded provides file uploads for Flask. A critical path trav ... | check |
| CVE-2026-27704 | The Dart and Flutter SDKs provide software development kits for the Da ... | check |
| CVE-2026-27738 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check |
| CVE-2026-27739 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check |
| CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions |
| CVE-2026-28207 | Zen C is a systems programming language that compiles to human-readabl ... | check |
| CVE-2026-28427 | OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1 ... | check |
| CVE-2026-28434 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ... | check |
| CVE-2026-28435 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ... | check |
| CVE-2026-28695 | Craft is a content management system (CMS). There is an authenticated ... | check |
| CVE-2026-28696 | Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and ... | check |
| CVE-2026-28697 | Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and ... | check |
| CVE-2026-28781 | Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and ... | check |
| CVE-2026-28782 | Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and ... | check |
| CVE-2026-28783 | Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and ... | check |
| CVE-2026-28784 | Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.1 ... | check |
| CVE-2026-29022 | dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a ... | qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact |
| CVE-2026-29069 | Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and ... | check |
| CVE-2026-29119 | International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX21 ... | check |
| CVE-2026-29120 | The /root/anaconda-ks.cfg installation configuration file in Internati ... | check |
