19 matches found
CVE-2026-45292
CVE-2026-45292 affects opentelemetry-java’s baggage propagation path (opentelemetry-api and opentelemetry-extension-trace-propagators). Before 1.62.0, the baggage parser could allocate unbounded memory and incur CPU consumption when parsing oversized baggage, and baggage entries are re-injected i...
CVE-2026-45292 opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation
opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...
CVE-2024-45292
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. \PhpOffice\PhpSpreadsheet\Writer\Html does not sanitize "javascript:" URLs from hyperlink href attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2,...
CVE-2024-45292 PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. \PhpOffice\PhpSpreadsheet\Writer\Html does not sanitize "javascript:" URLs from hyperlink href attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2,...
CVE-2024-45292
creationtimestamp | type | source
---|---|---
2024-10-07 15:06:47+00:00 | published-proof-of-concept | https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r8w8-74ww-j4wh
2024-10-07 22:39:27+00:00 | seen | https://t.me/cvedetector/7273
2025-03-08 04:35:51+00:00 | seen | ...
CVE-2023-45292
creationtimestamp | type | source
---|---|---
2024-01-02 07:36:12+00:00 | seen | https://t.me/ctinow/161539...
CVE-2023-50119
DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a reservation duplicate of CVE-2023-45292. Notes: All CVE users should reference CVE-2023-45292 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...
CVE-2023-50119
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a reservation duplicate of CVE-2023-45292. Notes: All CVE users should reference CVE-2023-45292 instead of this record. All references and descriptions in this record have been removed to prevent...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-45292. Reason: This record is a reservation duplicate of CVE-2023-45292. Notes: All CVE users should reference CVE-2023-45292 instead of this record. All references and descriptions in this record have been removed to prevent...
CVE-2023-45292 Captcha verification bypass in github.com/mojocn/base64Captcha
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct...
CVE-2023-45292
CVE-2023-45292 describes a Captcha verification bypass in the Go package github.com/mojocn/base64Captcha. The Default Verify function can incorrectly treat a request as valid when the first parameter is a non-existent ID, the second parameter is an empty string, and the third parameter is true, a...
CVE-2022-45292
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...
CVE-2022-45292
CVE-2022-45292 affects Funkwhale v1.2.8. The vulnerability is that user invites do not permanently expire after signup and invites can be reused after the associated account is deleted, enabling potential reuse of invitations and account abuse. The connected PT-2022-27460 entry provides the affec...
CVE-2021-45292
creationtimestamp | type | source
---|---|---
2021-12-21 20:12:23+00:00 | seen | https://t.me/cibsecurity/34453...
CVE-2021-45292
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command...
CVE-2021-45292
GPAC 1.0.1 has a vulnerability in gf_isom_hint_rtp_read that can cause a denial of service through a crafted MP4Box file, due to an invalid memory address dereference. This CVE is CVE-2021-45292. Remediation is to upgrade to a fixed GPAC release (e.g., Debian’s 1.0.1+dfsg1-4+deb11u2).