49 matches found

vulnersOsv
added 2026/05/07 12:19 a.m. · 4 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +715 more potentially affected by CVE-2026-42582 via io.netty:netty-codec-http3 (>=4.2.10.Final <=4.2.12.Final)

io.netty:netty-codec-http3 MAVEN version =4.2.10.Final, =0.1.0, =0.1.0, =0.0.1-alfa, =0.0.1-demo, =6.0.1, =4.0.3-M1, =1.21.9, =1.0.5, =3.6.4, =1.0.1, =26.2.1, =26.4.2 and more Source cves: CVE-2026-42582 Source advisory: SNYK:JAVA-IONETTY-16438978...

7.5 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits: 1

AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux - vulnerability in python-django

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was susceptible to a denial-of-service attack when used with very long strings...

7.5 CVSS · 7.1 AI score · 0.01394 EPSS
Exploits: 0 · References: 2

SUSE CVE
added 2026/03/30 11:27 p.m. · 3 views

SUSE CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5 CVSS · 5.8 AI score · 0.00028 EPSS
Exploits: 1 · References: 4

SUSE CVE
added 2026/03/30 11:27 p.m. · 1 views

SUSE CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

5.9 CVSS · 5.9 AI score · 0.00038 EPSS
Exploits: 0 · References: 4

OSV
added 2026/03/27 8:16 p.m. · 0 views

DEBIAN-CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5 CVSS · 8.2 AI score · 0.00028 EPSS
Exploits: 1 · References: 1

OSV
added 2026/03/27 8:16 p.m. · 2 views

DEBIAN-CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

7.5 CVSS · 8.4 AI score · 0.00038 EPSS
Exploits: 0 · References: 1

Snyk
added 2026/03/26 6:49 p.m. · 0 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the verifyContinuationFrame function. An...

8.7 CVSS · 5.9 AI score · 0.00038 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. · 2 views

MiracleLinux 4 : samba4-4.2.10-10.AXS4 (AXSA:2017-1679:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1679:02 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2017-7494 RESERVED This...

10 CVSS · 7.9 AI score · 0.94176 EPSS
Exploits: 24 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-2123

Malicious code in bioql PyPI...

7.2 CVSS · 6.6 AI score · 0.00077 EPSS
Exploits: 1 · References: 4

CNNVD
added 2025/05/16 12:0 a.m. · 2 views

PNETLab path traversal vulnerability

PNETLab is a platform from PNETLab Inc. that allows labs to be downloaded and shared with the community. A path traversal vulnerability exists in PNETLab version 4.2.10, which stems from improper user input cleanup in the file access mechanism and could lead to a directory traversal attack...

8.7 CVSS · 6.6 AI score · 0.01577 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/16 12:0 a.m. · 3 views

PT-2025-21644 · Pnetlab · Pnetlab

Name of the Vulnerable Software and Affected Versions: PNETLab version 4.2.10 Description: The issue arises from the application's failure to properly sanitize user inputs in its file access mechanisms, allowing attackers to perform directory traversal by manipulating file paths in HTTP requests...

8.7 CVSS · 6.3 AI score · 0.01577 EPSS
Exploits: 0 · References: 7

RedhatCVE
added 2025/02/21 9:25 a.m. · 7 views

CVE-2024-13489

The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5 CVSS · 7.4 AI score · 0.03909 EPSS
Exploits: 3 · References: 1

0day.today
added 2025/02/20 12:0 a.m. · 224 views

LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection Vulnerability

CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 5.6 AND error-bas...

7.5 CVSS · 7.7 AI score · 0.03909 EPSS
Exploits: 3

Vulnrichment
added 2025/02/19 9:21 a.m. · 10 views

CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition <= 4.2.10 - Unauthenticated SQL Injection

The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5 CVSS · 7.8 AI score · 0.03909 EPSS
Exploits: 3 · References: 2

Snyk
added 2025/02/11 10:43 p.m. · 1 views

Information Exposure

Overview org.geonetwork-opensource:gn-services is a GeoNetwork Services. Affected versions of this package are vulnerable to Information Exposure through the search end-point response headers. An attacker can gather sensitive information about the server's software stack by analyzing these header...

6.9 CVSS · 6.7 AI score · 0.0094 EPSS
Exploits: 0 · References: 2

Patchstack
added 2025/01/07 10:0 a.m. · 4 views

WordPress Passster plugin <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability

Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Passster versions <= 4.2.10...

7.5 CVSS · 6.9 AI score · 0.01529 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/01/07 7:15 a.m. · 12 views

CVE-2024-11282

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...

7.5 CVSS · 0.01529 EPSS
Exploits: 0 · References: 2

Snyk
added 2024/11/20 10:50 a.m. · 0 views

Access Control Bypass

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks during the account deletion process. Remediation Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References -...

7.5 CVSS · 6.8 AI score · 0.00393 EPSS
Exploits: 0 · References: 2

OSV
added 2024/07/09 7:24 a.m. · 31 views

BIT-MASTODON-2024-37903 Mastodon has improper authorship check on audience extension for existing posts

Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...

8.2 CVSS · 8.1 AI score · 0.00845 EPSS
Exploits: 0 · References: 6

vulnersOsv
added 2024/03/15 9:30 p.m. · 0 views

aldryn-django (=4.2.10.0), arches (=7.5.1) +62 more potentially affected by CVE-2024-27351 via django (>=4.2.0 <=4.2.10)

django PYPI version =4.2.0, =0.0.1, =0.4.0, =5.2.0, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =9.3.0, =9.3.1 - dj-rest-kit =0.0.1a0 and more Source cves: CVE-2024-27351 Source advisory: OSV:GHSA-VM8Q-M57G-PFF3...

5.3 CVSS · 6.7 AI score · 0.02611 EPSS
Exploits: 0