43 matches found
compressing link following vulnerability
Compressing is a compression and decompression tool library open sourced by nodemodules. Versions of compressing before 2.1.1 and 1.10.5 had a link following vulnerability. This vulnerability stemmed from a flaw in the pure logical string validation within the isPathWithinParent tool, which failed to...
Symlink Attack
Overview: compressing is a package described as "Everything you need for compressing and uncompressing". Affected versions of this package are vulnerable to Symlink Attack via the isPathWithinParent function. An attacker can overwrite arbitrary files outside the intended extraction directory by supplying a malicious...
EUVD-2026-19295
Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution...
CVE-2026-34148 Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...
BIT-KYVERNO-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image
Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...
CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...
Double-free in libpcap before 1.10.5 with remote packet capture support.
...
CVE-2024-8006 affecting package libpcap for versions less than 1.10.5-1
CVE-2024-8006 affecting package libpcap for versions less than 1.10.5-1. An upgraded version of the package is available that resolves this issue...
NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
...
WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore in WordPress Plugin Lightbox slider – Responsive Lightbox Gallery (versions <= 1.10.6)...
CVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support.
In affected libpcap versions, during the setup of a remote packet capture, the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes i...
GHSA-264P-99WQ-F4J6 Ion Java StackOverflow vulnerability
Impact: A potential denial-of-service issue exists in ion-java for applications that use ion-java to: deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...
PT-2024-18985 · Atlassian · Jira +5
Name of the Vulnerable Software and Affected Versions: ion-java versions prior to 1.10.5; Bitbucket Data Center and Server versions 7.21.0 through 8.18.0; Confluence Data Center and Server versions 5.6 through 8.8.1; Jira Software (affected versions not specified); Jira Work Management version...
Amazon Ion Security Breach
Amazon Ion is a type-rich, self-describing, hierarchical data serialization format from Amazon. It provides interchangeable binary and textual representations. A security vulnerability exists in Amazon Ion versions prior to 1.10.5, which stems from a stack overflow in Ion Java that could...
SUSE CVE-2023-47630
Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...
Design/Logic Flaw
Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...
Kyverno security breach
Kyverno is an open source policy engine for Kubernetes by Kyverno. A security vulnerability exists in Kyverno versions prior to 1.10.5 that allows an attacker to take control of the image digests used by Kyverno users...
CVE-2015-10098
A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be...
WordPress Plugin Broken Link Checker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-10277 · WordPress · Broken Link Checker Plugin
Name of the Vulnerable Software and Affected Versions: Broken Link Checker Plugin versions up to 1.10.5. Description: A vulnerability was found in the Broken Link Checker Plugin on WordPress, affecting the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. Thi...