PT-2026-34870
Name of the Vulnerable Software and Affected Versions: libXpm versions prior to 3.5.18-2.1 Description: An issue exists in the image parsing functionality of libXpm. Recommendations: Update to version 3.5.18-2.1...
OPENSUSE-SU-2026:10608-1 libXpm-devel-3.5.18-2.1 on GA media
These are all security issues fixed in the libXpm-devel-3.5.18-2.1 package on the GA media of openSUSE Tumbleweed...
Use of Hard-coded Credentials
Overview: AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Use of Hard-coded Credentials for signature verification. An attacker can gain unauthorized access and execute arbitrary commands by bypassing authentication using a hard-coded JWT signing key and...
EUVD-2023-35972
Malicious code in bioql PyPI...
CVE-2025-47530
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection. This issue affects WPFunnels: from n/a through <= 3.5.18...
CVE-2025-47530 WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18...
CVE-2023-31677
Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter...
openSUSE 15 Security Update : etcd (SUSE-SU-2025:0357-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0357-1 advisory. Security Update to version 3.5.18: Ensure all goroutines created by StartEtcd to exit before closing the errc mvcc: restore tombstone index if it's first...
Security update for etcd
This update for etcd fixes the following issues: Security Update to version 3.5.18: Ensure all goroutines created by StartEtcd to exit before closing the errc mvcc: restore tombstone index if it's first revision Bump go toolchain to 1.22.11 Avoid deadlock in etcd.Close when stopping during...
SUSE-SU-2025:0357-1 Security update for etcd
This update for etcd fixes the following issues: Security Update to version 3.5.18: Ensure all goroutines created by StartEtcd to exit before closing the errc mvcc: restore tombstone index if it's first revision Bump go toolchain to 1.22.11 Avoid deadlock in etcd.Close when stopping during...
PT-2024-2574 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 3.5.18 Mastodon versions prior to 4.0.14 Mastodon versions prior to 4.1.14 Mastodon versions prior to 4.2.6 Description: The issue is related to the incorrect handling of Access Tokens when an OAuth Application is...
CVE-2023-33740
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
PT-2023-24465 · Luowice · Luowice
Name of the Vulnerable Software and Affected Versions: luowice version 3.5.18 Description: The issue allows attackers to access cloud source code information due to incorrect access control. This is achieved by modifying the Verify parameter in a warning message. Recommendations: For luowice...
Code injection
Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter...
PT-2023-23414 · Luowice · Luowice
Name of the Vulnerable Software and Affected Versions: luowice version 3.5.18 Description: The issue allows attackers to view information for other alarm devices by modifying the eseeid parameter, due to insecure permissions. Recommendations: For luowice version 3.5.18, restrict access to the...
Moodle < 3.5.18, 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerability
Moodle is prone to multiple vulnerabilities.
Squid < 3.5.18 Host Header Handling Same-Origin Protection / Content Filtering Bypass (SQUID-2016:8)
According to its banner, the version of Squid running on the remote host is prior to 3.5.18. It is, therefore, potentially affected by a Host header same-origin filtering bypass vulnerability. A remote attacker could exploit this issue to poison the cache by forcing a Host header value past...
Squid Security Bypass Vulnerability (CNVD-2016-03061)
Squid (full name Squid Cache) is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security bypass vulnerability exists in the mimeheader.cc file in versions of Squid prior to...
CVE-2016-4554
mimeheader.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue...
CVE-2016-4554
CVE-2016-4554 affects Squid and is a header smuggling flaw in mime_get_header_field() that can bypass same-origin protections and enable cache poisoning when Squid acts as a reverse/interception proxy. Connected advisories describe concurrent issues (CVE-2016-4051/4052/4053/4054) in ESI processin...