24 matches found
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of thin-vec (CVE-2026-6654)
Summary: The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses the thin-vec-0.2.14 crate, which is vulnerable to a double free error. Vulnerability Details: CVEID: CVE-2026-6654. DESCRIPTION: Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear...
Top Password SQL Server Password Changer Buffer Error Vulnerability
Top Password SQL Server Password Changer is an SQL password modification tool developed by Top Password. Version 1.90 of Top Password SQL Server Password Changer contains a buffer error vulnerability. This vulnerability stems from buffer overflows in the username and registration code fields, whi...
CVE-2023-48795 affecting package rust for versions less than 1.90.0-1
CVE-2023-48795 affecting package rust for versions less than 1.90.0-1. An upgraded version of the package is available that resolves this issue...
EUVD-2008-4923
Malware in sbrugna...
CVE-2024-41370
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php...
CVE-2024-7769
The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2024-29380 · Organizr · Organizr
Name of the Vulnerable Software and Affected Versions: Organizr version 1.90. Description: A SQL injection issue was found in Organizr via the chat/settyping.php endpoint. This allows for potential exploitation. Recommendations: For Organizr version 1.90, consider restricting access to the...
PT-2024-29379 · Organizr · Organizr
Name of the Vulnerable Software and Affected Versions: Organizr version 1.90. Description: The issue is related to Cross-Site Scripting (XSS) via the "api.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users' sessions. Recommendations: Fo...
Organizr Security Vulnerability
Organizr is a tab management system for causefx individual developers. It is intended to be a one-stop store on the front end of the server. A security vulnerability exists in Organizr v1.90, which stems from a SQL injection vulnerability via chat/setlike.php...
HPE iLO Amplifier Pack Path Traversal Vulnerability
HPE iLO Amplifier Pack is a database management software for use in clustered environments from HPE, USA. The software supports Gen8, Gen9 and Gen10 Hewlett Packard Enterprise with automatic firmware and driver updates, manual or automatic recovery of firmware-corrupted systems, and maximizes...
CVE-2021-24424 WP Reset < 1.90 - Authenticated Stored XSS
The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
HPE iLO Amplifier Pack Cross-Site Scripting Vulnerability
HPE iLO Amplifier Pack is a database management software for use in clustered environments from HPE, USA. The software supports Gen8, Gen9 and Gen10 Hewlett Packard Enterprise automatic update of firmware, drivers, support for manual or automatic recovery of firmware damage to the system, maximiz...
TPEditor Stack Buffer Overflow Vulnerability
Delta Industrial Automation TPEditor is a Windows-based Delta text panel programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Industrial Automation TPEditor version 1.90 and prior versions, which originates when the program fails to validate user inpu...
Stack overflow
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an...
CVE-2017-18120
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421...
CVE-2017-18120
Gifsicle 1.90 contains a double-free in read_gif (gifread.c) caused by mishandling last_name, allowing a remote attacker to trigger a denial-of-service or other impact via a crafted GIF. Public records across multiple advisories note the fix to 1.91 (and related USN/Fedora advisories), with Fedor...
CVE-2017-10814
Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors...
Corega CG-WLR300NM OS Command Execution Vulnerability
The Corega CG-WLR300NM is a wireless router from Corega Japan. A security vulnerability exists in the Corega CG-WLR300NM using firmware version 1.90 and earlier. An attacker can exploit the vulnerability to execute arbitrary operating system commands...