8653 matches found

RedhatCVE
added 2025/03/07 3:41 p.m. | 4 views

CVE-2023-38693

Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...

9.8 CVSS | 6.7 AI score | 0.00294 EPSS
Exploits 0 | References 3

OSV
added 2025/03/07 3:27 p.m. | 6 views

OESA-2025-1251 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4,...

4.8 CVSS | 5.7 AI score | 0.00279 EPSS
Exploits 0 | References 6

CNNVD
added 2025/03/07 12:0 a.m. | 2 views

Simplicity SDK security vulnerability

Simplicity SDK is a Simplicity software development kit from Silicon Open Source. A security vulnerability exists in Simplicity SDK that originates from a buffer over-read that occurs when an invalid packet is received...

1 CVSS | 7 AI score | 0.00142 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/03/06 6:56 p.m. | 4 views

CVE-2025-27156

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...

5.4 CVSS | 6.8 AI score | 0.00705 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/03/06 6:55 p.m. | 8 views

CVE-2025-27402

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

4.6 CVSS | 7 AI score | 0.00163 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/03/06 6:55 p.m. | 6 views

CVE-2025-27150

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access t...

6.5 CVSS | 7.1 AI score | 0.00434 EPSS
Exploits 0 | References 1

NVD
added 2025/03/06 5:15 p.m. | 6 views

CVE-2024-12742

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

8.4 CVSS | 0.00507 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/03/06 4:27 p.m. | 6 views

CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

8.4 CVSS | 7.5 AI score | 0.00507 EPSS
Exploits 0 | References 1

CVE
added 2025/03/06 4:27 p.m. | 38 views

CVE-2024-12742

CVE-2024-12742 describes a deserialization of untrusted data vulnerability in NI G Web Development Software. Affected: NI G Web Development Software 2022 Q3 and earlier. The flaw exists in parsing of GWEBPROJECT files, with exploitation requiring a user to open a specially crafted project file or...

8.4 CVSS | 7.5 AI score | 0.00507 EPSS
Exploits 0 | References 1

Cvelist
added 2025/03/06 4:27 p.m. | 6 views

CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

8.4 CVSS | 0.00507 EPSS
Exploits 0 | References 1

Ubuntu
added 2025/03/06 1:30 p.m. | 10 views

USN-7335-1: Django vulnerability

It was discovered that Django incorrectly handled text wrapping. An attacker could possibly use this issue to cause a denial of service...

7.5 CVSS | 7.1 AI score | 0.00287 EPSS
Exploits 0

CNVD
added 2025/03/06 12:0 a.m. | 6 views

Weak Password Vulnerability in Kingh5stream of Beijing Asian Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. A weak password vulnerability exists in Beijing...

7 AI score
Exploits 0

CNNVD
added 2025/03/06 12:0 a.m. | 3 views

NI G Web Development Software code issue vulnerability

NI G Web Development Software is a development software from National Instruments NI that creates test and measurement Web interfaces. A code issue vulnerability exists in NI G Web Development Software version 2022 Q3 and earlier, which stems from deserializing untrustworthy data and could lead t...

8.4 CVSS | 7.1 AI score | 0.00507 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-32613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HLfldeserialize in H5HLcache.c, a different vulnerability than...

7.4 CVSS | 7 AI score | 0.00087 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-44387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves...

6.5 CVSS | 6.5 AI score | 0.00072 EPSS
Exploits 0 | References 3

NVD
added 2025/03/04 5:15 p.m. | 5 views

CVE-2025-27401

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact: it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

4.6 CVSS | 0.00151 EPSS
Exploits 1 | References 3

OSV
added 2025/03/04 5:0 p.m. | 3 views

CVE-2025-27402 Tuleap is missing CSRF protections on tracker fields administrative operations

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

4.6 CVSS | 6.7 AI score | 0.00163 EPSS
Exploits 0 | References 5

Vulnrichment
added 2025/03/04 4:58 p.m. | 7 views

CVE-2025-27401 In Tuleap, deleting a report can delete criteria filters in other reports

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact: it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

4.6 CVSS | 4.6 AI score | 0.00151 EPSS
Exploits 1 | References 3

OSV
added 2025/03/04 4:58 p.m. | 7 views

CVE-2025-27401 In Tuleap, deleting a report can delete criteria filters in other reports

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact: it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

4.6 CVSS | 6.7 AI score | 0.00151 EPSS
Exploits 1 | References 5

Vulnrichment
added 2025/03/04 4:53 p.m. | 11 views

CVE-2025-27156 Tuleap allows content injection via emails sent by the mass emailing features

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...

4.1 CVSS | 4.4 AI score | 0.00705 EPSS
Exploits 0 | References 3