62 matches found
MINI-6534-2965-W22J
Bulletin has no description...
CVE-2026-2965
A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...
CVE-2019-2965
Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM component: Install - Configuration. Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2024-2965
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...
CVE-2022-2965
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7...
CVE-2025-2965
creationtimestamp | type | source
---|---|---
2025-03-30 23:29:56+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9559
2025-03-31 03:17:36+00:00 | seen | https://t.me/cvedetector/21528
...
CVE-2025-2965
CVE-2025-2965 has conflicting statuses across sources. Red Hat reports a ConcreteCMS remote‑exploitable cross‑site scripting flaw in the Save function of the Accordion Block Handler affecting up to version 9.3.9, with no fixed version and no remediation version published. CNNVD also indicates the...
CVE-2023-2965
creationtimestamp | type | source
---|---|---
2025-02-11 02:16:08+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuloa2lvr2n
...
Oracle Siebel Server <= 19.8 (October 2019 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the October 2019 CPU advisory. - Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM component: Install - Configuration. Supported versions...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +491 more potentially affected by CVE-2024-2965 via langchain-community (>=0.0.1 <=0.2.4)
langchain-community PYPI version =0.0.1, =0.1.0, =0.0.2, =0.0.1, =0.1.0, =0.0.1, =0.0.18, =0.2.0, =0.0.1, =0.0.2, =0.0.1, =0.0.4a1 - aicat-annotator =0.0.1 and more Source cves: CVE-2024-2965 Source advisory: OSV:GHSA-3HJH-JH2H-VRG6...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +849 more potentially affected by CVE-2024-2965 via langchain (>=0.0.100 <=0.2.4)
langchain PYPI version =0.0.100, =0.1.0, =0.1.7, =0.2.1, =0.1.0, =0.0.2, =0.0.1, =0.1.0, =0.0.1, =1.1.2, =0.1.0, =0.0.18, =0.0.19b2 and more Source cves: CVE-2024-2965 Source advisory: OSV:GHSA-3HJH-JH2H-VRG6...
CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...
openSUSE: Security Advisory for openssl (SUSE-SU-2023:2965-1)
The remote host is missing an update for the...
CVE-2019-2965
creationtimestamp | type | source
---|---|---
2024-01-15 13:07:11+00:00 | seen | https://t.me/ctinow/168326
...
Oracle Siebel < 19.9 (October 2019 CPU)
The remote Oracle Siebel install is affected by a vulnerability as referenced in the October 2019 CPU advisory: - Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM component: Install - Configuration. Supported versions that are affected are 19.8 and...
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string unti...
CVE-2022-2965
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7...
CVE-2022-2965
CVE-2022-2965 affects notrinos/notrinoserp (a PHP/MySQL web ERP) prior to version 0.7. The root cause is improper restriction of rendered UI layers/frames (missing X-Frame-Options), enabling clickjacking that could lead to actions such as deleting a user account from the admin context. Public sou...
CVE-2022-2965 Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7...