37 matches found

CVE
added 2026/05/25 2:15 p.m., 11 views

CVE-2018-25367

NASA openVSP 3.16.1 is affected by a local Denial of Service due to a buffer overflow in the geometry name field (Geom browser pod addition). A 5000-byte payload can crash the application. Exploitation is local; no remediation details are provided in the documents. The vulnerability impact is cra...

CVSS: 6.9, AI score: 6, EPSS: 0.00015
Exploits: 0, References: 3

CNNVD
added 2026/05/25 12:0 a.m., 4 views

OpenVSP security vulnerability

OpenVSP is a parametric vehicle geometry modeling tool open-sourced by NASA. A security vulnerability exists in OpenVSP version 3.16.1, which stems from a buffer overflow in the geometry name field that could cause a local attacker to crash the application by supplying an extra-long string...

CVSS: 6.9, AI score: 6.1, EPSS: 0.00015
Exploits: 0, References: 3

RedHat Linux
added 2026/01/13 4:3 p.m., 2 views

Important: Red Hat Security Advisory: Red Hat Quay 3.16.1

Red Hat Quay 3.16.1 is now available with bug fixes. Quay 3.16.1...

CVSS: 8.7, AI score: 6.6, EPSS: 0.00102
Exploits: 2, References: 4

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-19496

Malware in sbrugna...

CVSS: 4.3, AI score: 4.2, EPSS: 0.00578
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3447

Malicious code in bioql PyPI...

CVSS: 6.9, AI score: 6.3, EPSS: 0.06586
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-11795

Malicious code in bioql PyPI...

CVSS: 8.6, AI score: 6.6, EPSS: 0.00377
Exploits: 0, References: 2

Patchstack
added 2025/08/14 4:19 p.m., 3 views

WordPress WP Rentals theme <= 3.16.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Theme WP Rentals (versions <= 3.16.1)...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00051
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/05/22 9:18 p.m., 6 views

CVE-2021-32695

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choos...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00578
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 6:34 p.m., 4 views

CVE-2021-32727

Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00167
Exploits: 0, References: 1

OSV
added 2025/04/17 11:15 p.m., 1 views

CVE-2025-3246

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used $$..$$ math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the...

CVSS: 7.6, AI score: 5.7
Exploits: 0, References: 1

CVE
added 2025/04/17 10:50 p.m., 60 views

CVE-2025-3246

CVE-2025-3246 targets GitHub Enterprise Server, specifically version 3.16.1, via an improper neutralization of input that enables cross-site scripting in GitHub Markdown using $$..$$ math blocks. The issue requires access to the target instance and privileged user interaction with the malicious e...

CVSS: 8.6, AI score: 5.9, EPSS: 0.00377
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/04/17 12:0 a.m., 1 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server version...

CVSS: 8.6, AI score: 5.9, EPSS: 0.00377
Exploits: 0, References: 1

OSV
added 2025/03/20 12:32 p.m., 8 views

GHSA-GJXM-X497-4H6H Duplicate Advisory: D-Tale Command Injection vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references. Original Description: A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the...

CVSS: 9.8, AI score: 9.6
Exploits: 4, References: 4

Github Security Blog
added 2025/03/20 12:32 p.m., 11 views

Duplicate Advisory: D-Tale Command Injection vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references. Original Description: A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the...

AI score: 9.6
Exploits: 4, References: 4, Affected Software: 1

NVD
added 2025/03/20 10:15 a.m., 15 views

CVE-2025-0655

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits: 4

CVE
added 2025/03/20 10:11 a.m., 95 views

CVE-2025-0655

CVE-2025-0655 is a duplicate of CVE-2024-55890. Connected sources describe a D-Tale (dtale) RCE affecting dtale versions around 3.15.1 where an attacker can override global state to enable enable_custom_filters, then abuse the /test-filter endpoint to execute arbitrary commands, with the fix in 3...

AI score: 8
Exploits: 4

Cvelist
added 2025/03/20 10:11 a.m., 9 views

CVE-2025-0655

...

Exploits: 4

Positive Technologies
added 2025/03/20 12:0 a.m., 3 views

PT-2025-12319 · Man · D-Tale

Name of the Vulnerable Software and Affected Versions: man-group/dtale version 3.15.1 Description: A vulnerability in man-group/dtale allows an attacker to override global state settings to enable the enable custom filters feature, which is typically restricted to trusted environments. Once...

CVSS: 9.8, AI score: 9.6
Exploits: 4, References: 17

RedhatCVE
added 2025/02/04 10:43 p.m., 12 views

CVE-2024-8353

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticate...

CVSS: 10, AI score: 7.8, EPSS: 0.94173
Exploits: 10, References: 1

OSV
added 2024/12/13 8:36 p.m., 9 views

GHSA-832W-FHMW-W4F4 D-Tale allows Remote Code Execution through the Custom Filter Input

Impact: Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches: Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability for users to update the enable_custom_filters flag. You can fi...

CVSS: 6.9, AI score: 7, EPSS: 0.06586
Exploits: 0, References: 5