21 matches found

OSV
added 2025/04/10 7:16 p.m., 1 view

DEBIAN-CVE-2025-32699

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

CVSS 2.1, AI score 5.2, EPSS 0.00307
Exploits: 0, References: 1

Vulnrichment
added 2024/10/07 8:45 p.m., 14 views

CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

CVSS 7.3, AI score 6.5, EPSS 0.00637
Exploits: 0, References: 2

OSV
added 2024/10/07 8:45 p.m., 6 views

CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

CVSS 7.3, AI score 6.3, EPSS 0.00637
Exploits: 0, References: 4

CVE
added 2024/10/07 8:45 p.m., 44 views

CVE-2024-47610

The CVE-2024-47610 issue affects InvenTree before 0.16.5, where a registered user can store JavaScript in Markdown notes fields that are rendered for other logged-in users, enabling stored cross-site scripting (XSS). Root cause: lack of input sanitization in the Markdown rendering path and storag...

CVSS 7.3, AI score 7, EPSS 0.00637
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2024/10/07 12:0 a.m., 2 views

PT-2024-32671

Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 0.16.5. Description: The issue allows a registered user to store JavaScript in markdown notes fields, which are then displayed to other logged-in users who visit the same page and executed. The estimated number of...

CVSS 7.3, AI score 6.5, EPSS 0.00637
Exploits: 0, References: 10

CNNVD
added 2024/10/07 12:0 a.m., 1 view

InvenTree cross-site scripting vulnerability

InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.16.5, which originates from allowing a registered user to store JavaScri...

CVSS 7.3, AI score 6.2, EPSS 0.00637
Exploits: 0, References: 3

Github Security Blog
added 2024/10/02 5:58 p.m., 14 views

Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP

Impact: The "download image from remote URL" feature can be abused by a malicious actor to potentially extract information about server side resources. Submitting a crafted URL in place of a valid image can raise a server side error, which is reported back to the user. This error message may conta...

AI score 6.8
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2023/06/12 2:15 p.m., 0 views

CVE-2023-34494

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c...

CVSS 7.5, AI score 5.7, EPSS 0.00229
Exploits: 0, References: 2

OSV
added 2023/06/12 2:15 p.m., 11 views

CVE-2023-34494

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c...

CVSS 7.5, AI score 7
Exploits: 0, References: 1

NVD
added 2023/06/12 2:15 p.m., 11 views

CVE-2023-34494

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c...

CVSS 7.5, AI score 7.5, EPSS 0.00229
Exploits: 0, References: 1

Prion
added 2023/06/12 2:15 p.m., 11 views

Heap overflow

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c...

CVSS 5, AI score 7.5, EPSS 0.00229
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2023/06/12 12:0 a.m., 1 view

NanoMQ resource management error vulnerability

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ Technologies, USA. A security vulnerability exists in NanoMQ version 0.16.5, which stems from a heap use-after-free issue...

CVSS 7.5, AI score 7.3, EPSS 0.00229
Exploits: 0, References: 2

Positive Technologies
added 2023/06/12 12:0 a.m., 1 view

PT-2023-24907 · Nanomq · Nanomq

Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.16.5. Description: The issue is related to a heap-use-after-free error in the nano_ctx_send function of nmq_mqtt.c. Recommendations: For NanoMQ version 0.16.5, at the moment, there is no information about a newer version that...

CVSS 7.5, AI score 7.2, EPSS 0.00229
Exploits: 0, References: 3

Cvelist
added 2023/06/12 12:0 a.m., 12 views

CVE-2023-34494

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c...

AI score 7.7, EPSS 0.00229
Exploits: 0, References: 1

Positive Technologies
added 2022/11/27 12:0 a.m., 1 view

PT-2022-27691 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteRole function in RoleStore.java is affected when using the API interface /auth/v1/roles/. Recommendations:...

CVSS 7.5, AI score 7.3, EPSS 0.0019
Exploits: 1, References: 5

Vulnrichment
added 2022/11/27 12:0 a.m., 5 views

CVE-2022-45930

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

AI score 8, EPSS 0.00204
Exploits: 1, References: 2

Vulnrichment
added 2022/11/27 12:0 a.m., 4 views

CVE-2022-45932

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used...

AI score 8, EPSS 0.0019
Exploits: 1, References: 2

Positive Technologies
added 2022/11/27 12:0 a.m., 3 views

PT-2022-27690 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteUser function in the UserStore.java file is affected when the API interface "/auth/v1/users/" is used...

CVSS 7.5, AI score 7.3, EPSS 0.0019
Exploits: 0, References: 5

Vulnrichment
added 2022/11/27 12:0 a.m., 5 views

CVE-2022-45931

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used...

AI score 8, EPSS 0.0019
Exploits: 0, References: 2

Positive Technologies
added 2022/11/27 12:0 a.m., 2 views

PT-2022-27689 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteDomain function in DomainStore.java is affected, specifically for the "/auth/v1/domains/" API interface...

CVSS 7.5, AI score 7.1, EPSS 0.00204
Exploits: 1, References: 4