20 matches found
@hmcts/media-viewer (>=4.2.16-exui-4425 <=4.2.16-exui-4425-rel1) potentially affected by CVE-2026-33397 via @angular/ssr (=20.3.18)
@angular/ssr NPM version =20.3.18 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @hmcts/media-viewer =4.2.16-exui-4425, =4.2.16-exui-4425-rel1 Source cves: CVE-2026-33397 Source advisory: OSV:GHSA-VFX2-HV2G-XJ5F...
@hmcts/media-viewer (>=4.2.16-exui-4425 <=4.2.16-exui-4425-rel1) potentially affected by CVE-2026-27738 +1 more via @angular/ssr (=20.3.18)
@angular/ssr NPM version =20.3.18 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @hmcts/media-viewer =4.2.16-exui-4425, =4.2.16-exui-4425-rel1 Source cves: CVE-2026-27738, CVE-2026-33397 Source advisory:...
Linux Distros Unpatched Vulnerability : CVE-2021-20330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential...
CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins...
aldryn-django (=4.2.10.0), alertwise (=1.0.0) +93 more potentially affected by CVE-2024-53908 via django (>=4.2.0 <=4.2.16)
django PYPI version =4.2.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.4.0, =4.16.2, =4.8.0, =8.0.0, =5.2.0, =5.2.2 - cpu-utilization-monitoring =0.1.3 and more Source cves: CVE-2024-53908 Source advisory: OSV:PYSEC-2024-157...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +487 more potentially affected by CVE-2024-53907 via django (>=4.0.0 <=4.2.16)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =65.10.0, =65.10.3 and more Source cves: CVE-2024-53907 Source advisory: SNYK:PYTHON-DJANGO-8456315...
CVE-2024-45230
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...
Django Security Vulnerability
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions v5.1.1, v5.0.9 and v4.2.16. An attacker...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:6765)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6765 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVE-2024-8517
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...
OPENSUSE-SU-2024:14310-1 python310-Django4-4.2.16-1.1 on GA media
These are all security issues fixed in the python310-Django4-4.2.16-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2024-27087 · Kaon · Kaon Ar2140
Name of the Vulnerable Software and Affected Versions: KAON AR2140 routers versions prior to 4.2.16 Description: The issue is related to a shell command injection vulnerability. It can be exploited by sending a crafted request to one of the endpoints, but access to the administrative portal of th...
MongoDB DoS Vulnerability (SERVER-58203, SERVER-59299, SERVER-60218) - Linux
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
CVE-2021-32040
Removed by vendor...
Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03389)
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, developed by the US company Fastspot. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS version 4.2.16. The vulnerability can be exploited by an attacker to perform unauthorized operatio...
BigTree CMS Multiple CSRF Vulnerabilities
BigTree CMS is prone to multiple CSRF vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bigtreecms:bigtreecms";...
Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03386)
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, developed by the US company Fastspot. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS versions 4.1.18 and 4.2.16. A remote attacker can exploit this vulnerability to delete users with...
FortiOS Fortimanager_Access SSH account backdoor
Added: 01/25/2016. CVE: CVE-2016-1909. Background: FortiOS is the operating system used by FortiGate network security appliances. Problem: An undocumented account can be used to gain unauthorized access to the appliance. Resolution: Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or...
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code...
StrongSwan/Openswan Denial Of Service Vulnerability June-09
The host has strongSwan/Openswan installed and is prone to a Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodstrongswannopenswandosvulnjun09.nasl 6515 2017-07-04 11:54:15Z cfischer $ StrongSwan/Openswan Denial Of Service Vulnerability June-09 Authors: Sharath S Copyright:...