16 matches found
CVE-2025-62379 Open Redirect in reflex-dev/reflex
Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...
Reflex input validation error vulnerability
Reflex is a web application from the Reflex open source. An input validation error vulnerability exists in Reflex versions 0.5.4 through 0.8.14, which stems from an unvalidated redirect_to query parameter value that could cause a user to be redirected to an arbitrary external URL...
EUVD-2023-1731
Malicious code in bioql PyPI...
OPENSUSE-SU-2025:15514-1 python311-uv-0.8.14-2.1 on GA media
These are all security issues fixed in the python311-uv-0.8.14-2.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2023-34411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The...
CVE-2023-7076
A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug2'subject'/bug2'text'/report'subject' leads to cross site scripting. The attack can b...
Cross site scripting
A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been declared as problematic. This vulnerability affects unknown code of the file system/pages/bugtracker.php. The manipulation of the argument bug2'subject'/bug2'text'/report'subject' leads to cross site scripting. The attack can b...
PT-2023-32862 · Myaac · Myaac
Name of the Vulnerable Software and Affected Versions: slawkens MyAAC versions up to 0.8.13 Description: A vulnerability was found in the file system/pages/bugtracker.php, affecting unknown code. The manipulation of the argument bug2'subject', bug2'text', or report'subject' leads to cross-site...
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
xml-rs code issue vulnerability
xml-rs is an XML library for Rust. A code issue vulnerability exists in xml-rs crate versions prior to 0.8.14, which stems from allowing token errors to be caused by invalid xml markup...
PT-2023-24862 · Xml-Rs · Xml-Rs
Name of the Vulnerable Software and Affected Versions: xml-rs versions 0.8.9 through 0.8.13 Description: The issue allows for a denial of service panic via an invalid ! token, such as !DOCTYPEs/%!A nesting, in an XML document. Recommendations: For xml-rs versions 0.8.9 through 0.8.13, update to...
CVE-2022-33069
Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...
Solidity security vulnerability
Solidity is a high-level programming language. A security vulnerability exists in Ethereum Solidity version v0.8.14, which originates from running an example via solc and triggering an internal compiler error...
nginx 0.8.14 denial of service vulnerability
No description provided by source...
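nginx HTTP request remote buffer overflow vulnerability
Bugraq ID: 36384 CVE ID: CVE-2009-2629 nginx is a high-performance HTTP and reverse proxy server. nginx has a buffer overflow when processing specially crafted URIs, which a remote attacker can exploit to execute arbitrary instructions as the application. When processing specially crafted URIs, the ngx_http_parse_complex_uri function has a buffer underflow error that can cause the nginx server to write data from the URI into heap memory before the allocated buffer, which can lead to execution of arbitrary instructions with the privileges of the service process. Igor Sysoev nginx 0.8.14 Igor Sysoev nginx 0.7.61 Igor Sysoev nginx 0.6.38 Igor...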
Debian DSA-1010-1 : ilohamail - missing input sanitising
Ulf Harnhammar from the Debian Security Audit Project discovered that ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does not always sanitise input provided by users which allows remote attackers to inject arbitrary web script or HTML.