61 matches found
GNU LibreDWG 代码问题漏洞
GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A code issue vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a null pointer dereference in the dwgnextentity function of the src/decode.c file in the DWG File Handle...
CVE-2026-42214
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
EUVD-2026-28410
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
PT-2026-38552
Name of the Vulnerable Software and Affected Versions Notepad Next versions prior to 0.14 Description The detectLanguageFromExtension function interpolates a file extension directly into a Lua script without sanitization. An attacker can craft a filename with an extension containing Lua code that...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation
Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...
PT-2026-37224
Name of the Vulnerable Software and Affected Versions Bitcoin Core versions 0.14 through 28.x Description A high-severity memory safety issue exists in the script validation engine of the main node software. This use-after-free flaw—a type of memory corruption that occurs when a program continues...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Summary (CVE-2024-52911) : Bitcoin Core up to version 28.x contains a use-after-free memory safety vulnerability in the script validation engine. The issue can allow remote disruption or arbitrary code execution by sending specially crafted blocks with sufficient PoW, potentially crashing nodes o...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
Important: Red Hat Security Advisory: VolSync v0.14 security fixes and container updates
VolSync v0.14 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
PT-2026-33994
Name of the Vulnerable Software and Affected Versions Net::Dropbear versions prior to 0.14 Description Net::Dropbear for Perl contains a vulnerable version of libtomcrypt, specifically including versions of Dropbear 2019.78 or earlier. Recommendations Update Net::Dropbear to version 0.14 or later...
Net::Dropbear 安全漏洞
Net::Dropbear is an SSH client interface module developed by ATRODO’s individual developers, based on Dropbear. Versions of Net::Dropbear prior to 0.14 contained security vulnerabilities, which stemmed from the inclusion of the vulnerable libtomcrypt library. These vulnerabilities may be affected...
CVE-2026-35507
Shynet before 0.14.0 allows Host header injection in the password reset flow...
CVE-2026-35508
Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,...