26 matches found
EUVD-2025-11958
Malicious code in bioql PyPI...
HashiCorp Vault Enterprise and HashiCorp Vault Community Edition Security Vulnerability
HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform, and HashiCorp...
DEBIAN-CVE-2025-43966
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc...
CVE-2025-43967
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item...
CVE-2025-43966
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc...
libheif Code Issue Vulnerability
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A code issue vulnerability exists in libheif versions prior to 1.19.6 that stems from a null pointer dereference in the ImageItem_iden function in image-items/iden.cc...
WordPress Shipping for Nova Poshta plugin <= 1.19.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Shipping for Nova Poshta versions <= 1.19.6...
go-toolset:ol8 security and bug fix update
delve 1.9.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.9.1-1 - Rebase to 1.9.1 - Related: rhbz2131026 golang 1.19.6-1 - Rebase to Go 1.19.6 - Resolves: rhbz2174430 1.19.4-2 - Fix memory leaks in EVPsign,verifyraw - Resolves: rhbz2132767 go-toolset 1.19.6-1 - Rebase to Go...
RLSA-2023:3083 Moderate: go-toolset:Rocky Linux8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724); golang: net/http, mime/multipart: denial of service from excessive resource consumption...
go-toolset:Rocky Linux8 security and bug fix update
An update is available for delve, module.go-toolset, golang, module.golang, go-toolset, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset...
Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724); golang: net/http, mime/multipart: denial of service from excessive resource consumption...
Uptime Kuma Cross-Site Scripting Vulnerability
Uptime Kuma is an easy-to-use self-hosted monitoring tool from Louis Lam Personal Developer. A cross-site scripting vulnerability exists in Uptime Kuma version v.1.19.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands via the description, title, footer, and...
[SECURITY] Fedora 36 Update: golang-1.19.6-1.fc36
The Go Programming Language...
AZL-13739 CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...
AZL-13737 CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
AZL-34755 CVE-2022-41724 affecting package golang for versions less than 1.19.6-1
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
PT-2022-16921
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.21.0, GeoServer versions prior to 2.20.4, GeoServer versions prior to 1.19.6. Description: The GeoServer security mechanism can perform an unchecked JNDI lookup, which can be used to perform class deserialization and...
Hostname spoofing via backslashes in URL
Overview Impact urijs before version 1.19.6 is affected by hostname spoofing issue. If using urijs to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character as part of the scheme delimiter, e.g. scheme:/\hostname. If the hostname is used in security decisions, th...
GHSA-P6J9-7XHC-RHWP URIjs Hostname spoofing via backslashes in URL
Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character as part of the scheme delimiter, e.g. scheme:/\hostname. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...
PT-2021-17489 · Uri.Js · Uri.Js
Name of the Vulnerable Software and Affected Versions: URI.js versions prior to 1.19.6. Description: The issue concerns the mishandling of backslash characters in certain URI schemes, such as http:\/, which can lead to incorrect interpretation of the URI as a relative path. This can result in...