559 matches found
CVE-2025-59375
Summary: CVE-2025-59375 affects libexpat in Expat before 2.7.2. A small XML document can trigger large dynamic memory allocations, per multiple security advisories. Affected software: libexpat (Expat) prior to version 2.7.2. Impact (as stated): Attackers may cause large memory allocations; impact...
PT-2025-37445
Name of the Vulnerable Software and Affected Versions Expat versions prior to 2.7.2 Description libexpat allows attackers to trigger large dynamic memory allocations via a small document submitted for parsing. This can lead to crashes or unpredictable behavior. Recommendations Update to a version...
Linux Distros Unpatched Vulnerability : CVE-2019-1010275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed...
Linux Distros Unpatched Vulnerability : CVE-2018-9989
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint that could cause a crash on invalid input...
CVE-2025-44952
A missing length check in ogspfcpsubnetadd function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length greater than 101...
CVE-2024-43214
Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...
CVE-2024-43353
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...
CVE-2024-3867
The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
CVE-2024-35232
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
CVE-2023-42780
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...
CVE-2023-51519
Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2...
CVE-2022-36014
TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...
CVE-2022-36027
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...
Open5GS 安全漏洞
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. An input validation error vulnerability exists in Open5GS v2.7.2 and earlier versions, which stems from a PFCP session parameter validation failure, and can be exploited b...
CVE-2025-32489
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Wetterwarner wetterwarner allows Stored XSS.This issue affects Wetterwarner: from n/a through = 2.7.3...
CVE-2025-32489 WordPress Wetterwarner <= 2.7.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Wetterwarner allows Stored XSS. This issue affects Wetterwarner: from n/a through 2.7.2...
CVE-2025-32489
CVE-2025-32489 refers to a Stored Cross-Site Scripting vulnerability in Wetterwarner (WordPress plugin) that affects Wetterwarner
PT-2025-15770 · Unknown · Wetterwarner
Name of the Vulnerable Software and Affected Versions: Wetterwarner versions n/a through 2.7.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to inject...
Schneider Electric Trio Q Licensed Data Radio 安全漏洞
Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. A security vulnerability exists in Schneider Electric Trio Q Licensed Data Radio versions prior to v2.7.2, which stems from an insecure resource initialization that could lead to unauthorized access...
Amazon Linux 2 : python-jinja2 (ALAS-2025-2792)
The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2792 advisory. Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...