16 matches found

OSV
added 2026/05/06 2:43 p.m. · 1 views

BIT-JAVA-MIN-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

7.5 CVSS · 7.4 AI score · 0.34335 EPSS
Exploits 6 · References 19
CNNVD
added 2026/03/13 12:0 a.m. · 2 views

file type security vulnerability

file type is a file type detection tool developed by Sindre Sorhus. There are security vulnerabilities in the file type version 20.0.0 to 21.3.1. These vulnerabilities stem from specially crafted ZIP files that may trigger excessive memory usage when using fileTypeFromBuffer, fileTypeFromBlob, or...

5.3 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 1 · References 3
Github Security Blog
added 2026/03/10 11:57 p.m. · 19 views

file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

Impact A denial of service vulnerability exists in the ASF WMV/WMA file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value becomes negative -24, causing tokenizer.ignorepayload to move the rea...

5.3 CVSS · 5.8 AI score · 0.00031 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2026/03/10 11:57 p.m. · 1 views

GHSA-5V7R-6R5C-R473 file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

Impact A denial of service vulnerability exists in the ASF WMV/WMA file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value becomes negative -24, causing tokenizer.ignorepayload to move the rea...

5.3 CVSS · 5.9 AI score · 0.00031 EPSS
Exploits 0 · References 4
EUVD
added 2026/03/10 11:57 p.m. · 0 views

EUVD-2026-10894

file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header...

5.3 CVSS · 5.8 AI score · 0.00031 EPSS
Exploits 0 · References 3
NVD
added 2026/03/10 9:16 p.m. · 1 views

CVE-2026-31808

file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value...

5.3 CVSS · 0.00031 EPSS
Exploits 0 · References 2
Cvelist
added 2026/03/10 9:1 p.m. · 23 views

CVE-2026-31808 file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value...

5.3 CVSS · 0.00031 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/17 12:0 a.m. · 0 views

PT-2024-26370 · Asterisk · Asterisk

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.23.1 Asterisk versions prior to 20.8.1 Asterisk versions prior to 21.3.1 Description: Asterisk is an open source private branch exchange and telephony toolkit. After an upgrade to 18.23.0, all unauthorized SIP...

5.8 CVSS · 5.8 AI score · 0.00183 EPSS
Exploits 1 · References 10
Patchstack
added 2024/03/12 12:0 a.m. · 7 views

WordPress Contest Gallery Plugin < 21.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Contest Gallery Type Plugin Vulnerable versions 21.3.1 Fixed in 21.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1487 Patch priority Low CVSS severity Low 6.5 Developer Wasiliy Strecker PSID 898230946609 Credits Giulio - Mistborn...

6 AI score · 0.00272 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2024/03/11 6:15 p.m. · 0 views

CVE-2024-1487

The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2024/03/11 12:0 a.m. · 1 views

WordPress plugin Photos and Files Contest Gallery security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...

5.4 CVSS · 6.7 AI score · 0.00272 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/03/11 12:0 a.m. · 3 views

PT-2024-18087 · WordPress · Photos/Files Contest Gallery Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Photos and Files Contest Gallery WordPress plugin versions prior to 21.3.1 Description: The issue concerns a lack of sanitization and escaping of certain parameters, potentially allowing Cross-Site Scripting attacks by users with a role as lo...

5.4 CVSS · 6.4 AI score · 0.00272 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 3:29 a.m. · 2 views

SUSE CVE-2022-21443

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit...

3.7 CVSS · 5 AI score · 0.00058 EPSS
Exploits 0 · References 17
RedHat Linux
added 2022/04/28 7:3 p.m. · 2 views

OpenJDK: Improper ECDSA signature verification (Libraries, 8277233)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

7.5 CVSS · 7.2 AI score · 0.34335 EPSS
Exploits 6 · References 5
RedHat Linux
added 2022/04/20 1:33 p.m. · 4 views

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

7.5 CVSS · 7.4 AI score · 0.00199 EPSS
Exploits 0 · References 4
0day.today
added 2019/12/30 12:0 a.m. · 104 views

WEMS BEMS 21.3.1 - Undocumented Backdoor Account Vulnerability

Exploit for hardware platform in category web applications Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...

7.1 AI score
Exploits 0