82 matches found
SUSE CVE-2026-41650
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...
Apache Tapestry - Remote Code Execution
Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the...
Vision Helpdesk Security Vulnerability
Vision Helpdesk is a customer service software developed by Vision Helpdesk Company in India. Versions of Vision Helpdesk prior to 5.7.0 contained security vulnerabilities, which were caused by improper handling of serialized cookie data. This vulnerability could lead to the reading of user...
ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +82 more potentially affected by CVE-2025-64076 via cbor2 (>=5.0.1 <=5.7.0)
cbor2 PYPI version =5.0.1, =0.1.0, =0.1.0, =0.7.0, =0.13.0, =0.0.1, =0.5.5.post5, =0.5.5.post4, =0.1.1, =0.1.0, =0.1.0, =2.0.1, =4.2.13 and more Source cves: CVE-2025-64076 Source advisory: SNYK:PYTHON-CBOR2-14049181...
EUVD-2019-19315
Malware in sbrugna...
EUVD-2017-8658
Malware in sbrugna...
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2021-8163
Malicious code in bioql PyPI...
EUVD-2024-51967
Malicious code in bioql PyPI...
EUVD-2022-25171
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-1714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically,...
Linux Distros Unpatched Vulnerability : CVE-2022-1899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. CVE-2022-1899 Note that Nessus relies on the presence of the package as reported by th...
Arbitrary File Upload
Overview marshmallow/nova-tiptap is a Laravel Nova tiptap editor field. Affected versions of this package are vulnerable to Arbitrary File Upload via the /nova-tiptap/api/file endpoint, which lacks authentication and file validation. An attacker can upload arbitrary files, including executable or...
PT-2025-30309 · Unknown +2 · Laravel Nova +2
Name of the Vulnerable Software and Affected Versions: marshmallow-packages/nova-tiptap versions prior to 5.7.0 Description: marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. A missing authentication middleware Nova and Nova.Auth on the /nova-tiptap/api/file...
PT-2025-16290 · Unknown · Vision Helpdesk
Name of the Vulnerable Software and Affected Versions: Vision Helpdesk versions 5.7.0 and earlier Description: The issue allows Time-Based Blind SQL injection via the vis username parameter in the Forgot Password feature, also known as index.php?/home/forgot-password. No authentication is require...
PT-2024-35740 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.7.0 Description: The issue is related to SQL injection in the EventAttendance.php file. An attacker can exploit this by manipulating the Event parameter, which is directly interpolated into the SQL query without proper...
RHSA-2015:0033 Red Hat Security Advisory: Red Hat Satellite 5.7.0 General Availability
Bulletin has no description...
netatalk3 -- multiple WolfSSL vulnerabilities
Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...