36 matches found
CVE-2026-33637
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...
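The host-override behaviour this entry describes, as an added example that is not Faraday's code: RFC 3986 reference resolution (here Ruby's URI.join) lets a network-path reference such as //evil.example/x replace the host of the base URL, and it does so whether the target arrives as a String or as a URI object, so a guard that only inspects String targets misses the URI case. The base URL, the sample targets and the guard are constructed for this illustration; the guard pins the host of the parsed reference instead of pattern-matching on the String form.

```ruby
# Added example, not Faraday's own code. Shows how a protocol-relative
# ("network-path") request target replaces the base host under RFC 3986
# resolution, for String and URI targets alike, and a host-pinning guard.
require 'uri'

BASE = URI('https://api.example.com/v1/') # constructed sample base URL

# Plain resolution, as a client that does not pin the host would do it.
def unguarded_resolve(base, target)
  URI.join(base, target).to_s
end

# True when resolving target against base changes the host.
def host_override?(base, target)
  URI(unguarded_resolve(base, target)).host != base.host
end

# Resolution that refuses any target carrying its own host (network-path or
# absolute) unless it is the base host. Works on the parsed reference, so a
# URI object and its String form are treated identically.
def guarded_resolve(base, target)
  ref = target.is_a?(URI::Generic) ? target : URI(target.to_s)
  if ref.host && ref.host.downcase != base.host.downcase
    raise ArgumentError, "target host #{ref.host} differs from base host #{base.host}"
  end
  URI.join(base, ref).to_s
end

if __FILE__ == $PROGRAM_NAME
  ['users/1', '/v2/users', '//evil.example/x', URI('//evil.example/x')].each do |t|
    puts format('%-28s -> %-36s override=%s',
                t.inspect, unguarded_resolve(BASE, t), host_override?(BASE, t))
  end
end
```

Relative and root-relative paths stay on the base host; both the String and the URI form of the network-path reference move the request to evil.example, and only the guard that checks the parsed host rejects them.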
Fedora 44 : freetype (2026-a5b86bbf99)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a5b86bbf99 advisory. Update of FreeType to 2.14.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: freetype: freetype-2.14.3-1.hum1 aarch64, x86_64 freetype-demos-2.14.3-1.hum1 aarch64, x86_64 freetype-devel-2.14.3-1.hum1 aarch64, x86_64 freetype-2.14.3-1.hum1.src src...
CVE-2025-50055
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...
EUVD-2021-11920
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-3203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file...
Linux Distros Unpatched Vulnerability : CVE-2024-3204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file...
CVE-2023-50856
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit –...
CVE-2022-30288
Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors...
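The validation rule this entry says Agoo did not enforce, as an added example that is not the project's code: the GraphQL specification requires that fragment spreads not form cycles, because a server that expands spreads without checking recurses until it crashes. The scanner, the graph builder and the two sample documents below are constructed for this illustration; fragment_graph records which named fragments each fragment spreads, and fragment_cycle reports the first cycle found so the document can be rejected before execution.

```ruby
# Added example, not Agoo's code: the "fragment spreads must not form cycles"
# validation rule, run over constructed sample GraphQL documents.

# Builds { fragment_name => [names it spreads] } from a document. Minimal
# scanner: find each "fragment Name on Type {", walk to the matching "}" by
# brace depth, and collect "...Name" spreads (inline "... on Type" is skipped).
def fragment_graph(doc)
  graph = {}
  doc.scan(/fragment\s+(\w+)\s+on\s+\w+\s*\{/) do |(name)|
    start = Regexp.last_match.end(0) # just past the opening brace
    depth = 1
    i = start
    while i < doc.length && depth > 0
      case doc[i]
      when '{' then depth += 1
      when '}' then depth -= 1
      end
      i += 1
    end
    body = doc[start...(i - 1)]
    graph[name] = body.scan(/\.\.\.\s*(?!on\b)(\w+)/).flatten
  end
  graph
end

# Returns the first cycle as a closed list of names (e.g. ["A", "B", "A"]),
# or nil when the spread graph is acyclic. Depth-first search with
# white/grey/black colouring; a spread of an undefined fragment is a leaf.
def fragment_cycle(graph)
  state = Hash.new(:white)
  path = []
  visit = lambda do |name|
    return nil if state[name] == :black
    return path[path.index(name)..-1] + [name] if state[name] == :grey
    state[name] = :grey
    path.push(name)
    graph.fetch(name, []).each do |spread|
      cycle = visit.call(spread)
      return cycle if cycle
    end
    path.pop
    state[name] = :black
    nil
  end
  graph.each_key do |name|
    cycle = visit.call(name)
    return cycle if cycle
  end
  nil
end

# Constructed sample documents.
CYCLIC_DOC = <<~GQL
  query { user { ...UserFields } }
  fragment UserFields on User { id ...Friends }
  fragment Friends on User { friends { name ...UserFields } }
GQL

ACYCLIC_DOC = <<~GQL
  query { user { ...UserFields } }
  fragment UserFields on User { id ... on Admin { role } ...Contact }
  fragment Contact on User { email }
GQL

if __FILE__ == $PROGRAM_NAME
  [CYCLIC_DOC, ACYCLIC_DOC].each do |doc|
    cycle = fragment_cycle(fragment_graph(doc))
    puts(cycle ? "reject: fragment cycle #{cycle.join(' -> ')}" : 'accept')
  end
end
```

A server should run this check (and the rest of document validation) before executing or expanding any fragment, and answer a cyclic document with a validation error rather than attempting to resolve it.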
CVE-2021-25008
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...
CVE-2025-32965 Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2
xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely t...
WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Paid Member Subscriptions versions <= 2.14.3...
OPENSUSE-SU-2024:14493-1 icinga2-2.14.3-1.1 on GA media
These are all security issues fixed in the icinga2-2.14.3-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
icinga2 -- TLS Certificate Validation Bypass
The Icinga project reports: Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to...
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
CVAT Security Vulnerabilities
CVAT is an interactive video and image annotation tool for computer vision. A security vulnerability exists in CVAT (Computer Vision Annotation Tool) version 2.1.0 through versions prior to 2.14.3. An attacker can exploit the vulnerability to obtain sensitive information...
DEBIAN-CVE-2024-3204
A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. Th...
DEBIAN-CVE-2024-3203
A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...