1207 matches found
Astra Linux - уязвимость в glib2.0
A issue was discovered in GNOME GLib before version 2.66.8. When the gfilereplace function is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly creates the target of the symlink as an empty file. This could potentially have security implications ...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
CVE-2026-44718
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...
Arbitrary File Upload
Overview @strapi/upload is a Makes it easy to upload images and files to your Strapi Application. Affected versions of this package are vulnerable to Arbitrary File Upload via the Content API uploadFiles and replaceFile handlers, which bypass administrator-configured MIME type restrictions. An...
curl: cookie: case-insensitive path comparison in replace_existing() allows cookie eviction across distinct paths
Hi all, replaceexisting in lib/cookie.c compares cookie paths case-insensitively at two sites. On case-sensitive servers, /Admin and /admin are distinct resources and are supposed to produce distinct jar entries. Because libcurl conflates them, a Set-Cookie at one path silently evicts the cookie ...
PT-2026-41125
Name of the Vulnerable Software and Affected Versions eMagicOne Store Manager versions prior to 1.3.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...
CVE-2026-44418
EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...
CVE-2026-6499
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5...
CVE-2026-6499
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5...
CVE-2026-6499
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5...
CLSA-2026-1777881308 jq: Fix of 2 CVEs
CVE-2026-32316: fix heap buffer overflow in jvpstringappend and jvpstringcopyreplacebad - CVE-2026-39979: fix out-of-bounds read in jvparsesized...
PT-2026-36800
Name of the Vulnerable Software and Affected Versions Norton Secure VPN affected versions not specified Description A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just...
Astra Linux - уязвимость в firefox, thunderbird
In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could occur when the number of elements to be replaced is too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...