32 matches found
CVE-2026-62355
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...
CVE-2026-62355
TDengine (TDengine Cloud DB) prior to 3.4.1.15 had a permission issue where a Data Reader admin_user could run create udf and access non-database objects, despite read-only intent for standard users. The vulnerability impact is limited to unauthorized creation of user-defined functions and relate...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...
EUVD-2026-12934
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cramdecodeslice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds read...
EUVD-2023-50140
Malicious code in bioql PyPI...
Uncontrolled Recursion
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...
CVE-2023-45874
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...
Important: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 wh...
Object Computing OpenDDS 安全漏洞
Object Computing OpenDDS is an open source middleware framework for C++ and Java applications from Object Computing, USA. A security vulnerability exists in version b1c534032bb62ad4ae32609778de6b8d6c823a66 of OpenDDS that originates from a vulnerability that allows a local attacker to cause a...
CVE-2023-45874
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...
CVE-2023-45874
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...
Design/Logic Flaw
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...