24 matches found
EUVD-2026-25150
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
CVE-2026-25355 WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Sanzo sanzo allows Stored XSS. This issue affects Sanzo: from n/a through 2.4.3...
JLSEC-2025-49 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
storeAtts in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
PT-2023-4419 · Apache · Apache Airflow Drill Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow Drill Provider versions prior to 2.4.3 Description: The issue is related to improper input validation in Apache Airflow Drill Provider, allowing an attacker to pass malicious parameters when establishing a connection with...
OESA-2023-1464 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few...
PT-2023-23413 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 2.4.3 Description: The issue concerns a SQL injection vulnerability in the "Length, weight or volume sell" module, also known as ailinear. Recommendations: For PrestaShop versions prior to 2.4.3, update to version...
SUSE CVE-2021-46143
In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize...
SUSE CVE-2022-22824
defineAttribute in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
SUSE CVE-2022-22827
storeAtts in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
BigBlueButton Data Forgery Vulnerability
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A data forgery vulnerability exists in BigBlueButton versions prior to 2.4.3, which stems from insufficient validation of data authenticity, resulting in a denial of service...
PYSEC-2022-42984
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint...
Apache Airflow Input Validation Error Vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow versions prior to 2.4.3 are vulnerable to an input validation error that stems from an open redirect in the...
WordPress plugin User Meta Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of WordPress User Meta plugin prior to 2.4.3, which ste...
OESA-2022-1490 expat security update
An XML parser library. Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 lookup in xmlparse.c in Expat aka libexpat...
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
...
DEBIAN-CVE-2022-22822
addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
ALPINE-CVE-2022-22822
addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
AZL-7159 CVE-2022-22825 affecting package expat for versions less than 2.4.3-1
lookup in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
PT-2021-21751 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier. Description: The implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division...
Nagios SQL Injection Vulnerability
Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A SQL injection vulnerability exists in Nagios Network Analyzer versions prior to 2.4.3. The vulnerability can be exploited to read sensitive data from the database and...