CVE-2025-55194

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension e.g., .jpg.txt, resulting in a persistent 500 Internal Server Error when attempting to view or edit that...

PT-2024-40484 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.17.3 Description: The issue arises from SimpleSAMLphp's trust in metadata when sending SAML messages to other entities. If a malicious party alters the metadata to include JavaScript code in endpoint URLs,...

SimpleRisk 跨站脚本漏洞

SimpleRisk is SimpleRisk open source a risk management software. Used to simplify enterprise risk management. A security vulnerability exists in SimpleRisk versions prior to 1.17.3 that originates in the function checkAndSetValidation in the file simplerisk/js/common.js, where manipulation of the...

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer aka an out-of-bounds slice situation.

...

AZL-6452 CVE-2021-41772 affecting package golang for versions less than 1.17.8-1

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...