26 matches found
Astra Linux – Vulnerability in Containerd
Containerd is an open-source container runtime. A bug was discovered in Containerd prior to versions 1.6.18 and 1.5.18, where supplementary groups were not set up properly within a container. If an attacker has direct access to a container and manipulates the supplementary group permissions, they...
CVE-2026-32529
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through 1.5.19...
EUVD-2025-25442
Malicious code in bioql PyPI...
ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23438 more potentially affected by CVE-2025-11226 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.18)
ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...
Quality Open Software Logback 安全漏洞
Quality Open Software Logback is a logging framework for Java applications from Quality Open Software, Switzerland. A security vulnerability exists in Quality Open Software Logback version 1.5.18 and earlier, which stems from improper handling of conditional configuration files and could lead to...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27214
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...
CVE-2025-27213
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge ADB and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier UniFi Connect Display Versio...
Ubiquiti UniFi Connect EV Station 安全漏洞
Ubiquiti UniFi Connect EV Station is an electric vehicle station from Ubiquiti USA. A security vulnerability exists in the Ubiquiti UniFi Connect EV Station version 1.5.18 and earlier, which stems from a lack of authentication for critical functions and could result in an unauthorized restoration...
PT-2025-34173 · Ubiquiti · Unifi Connect Ev Station Pro
Name of the Vulnerable Software and Affected Versions: UniFi Connect EV Station Pro versions 1.5.18 and earlier Description: A missing authentication check for critical functions in UniFi Connect EV Station Pro could allow an attacker with physical or adjacent access to perform an unauthorized...
PT-2024-22609 · Symfony +1 · Symfony1 +1
Name of the Vulnerable Software and Affected Versions: Symfony1 versions 1.3.0 through 1.5.17 Description: This issue is related to a gadget chain in Symfony1 due to a vulnerable Swift Mailer dependency. The vulnerability allows an attacker to achieve remote code execution if a developer...
DEBIAN-CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
UBUNTU-CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...
PT-2023-1887 · Unknown +7 · Kubernetes Containerd +6
Name of the Vulnerable Software and Affected Versions: containerd versions 1.6.17 and earlier, containerd versions 1.5.17 and earlier Description: The issue is related to the import of OCI images in containerd, where there was no limit on the number of bytes read for certain files. A maliciously...
CVE-2022-27640
A vulnerability has been identified in SIMATIC CP 442-1 RNA All versions V1.5.18, SIMATIC CP 443-1 RNA All versions V1.5.18. The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming...
DEBIAN-CVE-2020-36428
matio aka MAT File I/O Library 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble called from ReadInt32Data and MatVarRead4...
UBUNTU-CVE-2020-36428
matio aka MAT File I/O Library 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble called from ReadInt32Data and MatVarRead4...
PT-2021-6570 · Matio +2 · Matio +2
Name of the Vulnerable Software and Affected Versions: matio versions 1.5.18 through 1.5.21 Description: The issue is related to a heap-based buffer overflow in the ReadInt32DataDouble function of the MATIO library, which can be exploited by a remote attacker to access confidential data, compromi...