39 matches found
Astra Linux – Vulnerability in libstb
stbimage.h also known as the stb image loader version 2.23 has a heap-based buffer overflow issue in stbitgaload, which can lead to information disclosure or denial of service...
EUVD-2026-15984
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2...
CVE-2026-24830 Integer Overflow or Wraparound in IronOS
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2...
CVE-2026-24801 A Potential SPA-vulnerability in Ralim/IronOS
Vulnerability in Ralim IronOS source/Core/BSP/Pinecilv2/blmcusdk/components/ble/blestack/common/tinycrypt/source modules. This vulnerability is associated with program files eccdsa.C. This issue affects IronOS: before v2.23-rc3...
EUVD-2026-4797
Vulnerability in Ralim IronOS source/Core/BSP/Pinecilv2/blmcusdk/components/ble/blestack/common/tinycrypt/source modules. This vulnerability is associated with program files eccdsa.C. This issue affects IronOS: before v2.23-rc3...
CVE-2026-24801 A Potential SPA-vulnerability in Ralim/IronOS
Vulnerability in Ralim IronOS source/Core/BSP/Pinecilv2/blmcusdk/components/ble/blestack/common/tinycrypt/source modules. This vulnerability is associated with program files eccdsa.C. This issue affects IronOS: before v2.23-rc3...
PT-2026-4908
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2...
CVE-2025-67632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The Plugin Factory Google AdSense for Responsive Design – GARD google-adsense-for-responsive-design-gard allows DOM-Based XSS.This issue affects Google AdSense for Responsive Design – GARD: from n/...
CVE-2025-67632
CVE-2025-67632 affects Google AdSense for Responsive Design (GARD) in The Plugin Factory; it is a DOM-Based XSS vulnerability triggered by improper input neutralization during web page generation. Affected: google-adsense-for-responsive-design-gard; vulnerable from n/a through
Use of a Key Past its Expiration Date
Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to improper enforcement of OIDC token expiry in the authentication process when no refresh token is provided. An attacker can maintain unauthorized access to the service by continuously using a...
Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.23 CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898 Patch Instructions: To install th...
SUSE-SU-2025:02564-1 Security update for rmt-server
This update for rmt-server fixes the following issues: - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 - CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898...
SUSE-SU-2025:02330-1 Security update for rmt-server
This update for rmt-server fixes the following issues: - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 - CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898...
WordPress PlayerJS plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin PlayerJS versions = 2.23...
PT-2024-25551 · Unknown · Ajax Login/Registration Modal Popup + Inline Form
Name of the Vulnerable Software and Affected Versions: Maxim K AJAX Login and Registration modal popup + inline form versions n/a through 2.23 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Store...
WordPress AJAX Login and Registration modal popup + inline form Plugin <= 2.23 is vulnerable to Cross Site Scripting (XSS)
Software AJAX Login and Registration modal popup + inline form Type Plugin Vulnerable versions = 2.23 Fixed in 2.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33918 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID ea1aeec00d87...
BIT-GIT-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
GeoServer Code Issues Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions 2.22.x prior to 2.22.5 and 2.23.x prior to 2.23.2 that originates from allowing users to share and edit geospatial data...
CVE-2022-45910 Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities
Improper neutralization of special elements used in an LDAP query 'LDAP Injection' vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries DoS, additional queries, filter manipulation during...
PT-2022-27680 · Apache · Apache Manifoldcf
Name of the Vulnerable Software and Affected Versions: Apache ManifoldCF versions 2.23 and prior versions Description: The issue is related to improper neutralization of special elements used in an LDAP query, also known as 'LDAP Injection'. This allows an attacker to manipulate the LDAP search...