29 matches found
RHCOS 4 : OpenShift Container Platform 4.8.17 (RHSA-2021:3926)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3926 advisory. - coreos-installer: incorrect signature verification on gzip-compressed install images CVE-2021-20319 Note that Nessus has not tested for thi...
GHSA-9MH6-G99M-PPCW auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import
Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...
CVE-2025-58769
CVE-2025-58769 affects the Auth0-PHP SDK (versions 3.3.0–8.16.0) where the Bulk User Import endpoint does not validate the file-path wrapper or value, allowing arbitrary file paths or URLs. This impacts applications directly using the Auth0-PHP SDK or through Auth0/symfony, Auth0/laravel-auth0, a...
CVE-2023-0907
A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is the function 0x220017 in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached...
CVE-2023-1007
A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally...
Elastic Defend 8.17.3 Security Update (ESA-2025-05)
Elastic Defend Insertion of Sensitive Information into Log Files ESA-2025-05 Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack. This...
Filseclab Twister Antivirus Code Issue Vulnerability
Filseclab Twister Antivirus is an intelligent antivirus software from Fair Filseclab. A code issue vulnerability exists in Filseclab Twister Antivirus version v8.17, which stems from the presence of an elevation of privilege vulnerability...
Filseclab Twister Antivirus Buffer Error Vulnerability
Filseclab Twister Antivirus is an intelligent antivirus from Fair Filseclab. A buffer error vulnerability exists in Filseclab Twister Antivirus version v8.17, which stems from vulnerability to out-of-bounds reads...
PT-2024-17462 · Unknown · Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8.17 Description: The issue is related to a Denial of Service vulnerability. It can be triggered by specific codes, including 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F. Recommendations: F...
PT-2024-16664 · Unknown · Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Twister Antivirus version 8.17 Description: The issue allows Elevation of Privileges on the computer where Twister Antivirus is installed by triggering specific IOCTL codes of the fildds.sys driver, including 0x80112067, 0x801120CB, and...
CVE-2023-50893
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4...
SUSE CVE-2023-51765
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...
CVE-2023-31466
An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration - Compliance - Add a new compliance report" and "Configuration - Timekeeper Configuration - Add a new source there" screens, there are entry points to inject JavaScript code...
PT-2023-16609 · Filseclab · Filseclab Twister Antivirus
Name of the Vulnerable Software and Affected Versions: Filseclab Twister Antivirus version 8.17 Description: A problematic issue has been found in the IoControlCode Handler component, specifically affecting the function 0x220017 in the ffsmon.sys library. This issue leads to denial of service and...
SUSE CVE-2019-2914
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...
rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...
Laravel Framework 操作系统命令注入漏洞
Laravel Framework is a PHP-based web application development framework by Taylor Otwell, an individual developer. A security vulnerability exists in Laravel Framework prior to version 5.8.17, which is caused by a command injection vulnerability in the software due to a lack of filtering and...
GHSA-3393-HVRJ-W7V3 Denial of Service in Elasticsearch
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...