11403 matches found
CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
UBUNTU-CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
EUVD-2026-30707
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8721
CVE-2026-8721 affects Crypt::OpenSSL::PKCS12 for Perl up to version 1.94. The root cause is that PKCS12.xs passes password data as char* through Perl’s typemap, discarding length, and the C/OpenSSL code calls strlen() on the buffer, causing any password byte at or after the first NULL to be silen...
CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
PT-2026-41583
Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description The software truncates passwords containing embedded NULL characters. In the PKCS12.xs file, password parameters are declared as char , which utilizes Perl's default typemap SvPV nolen,...
Linux Distros Unpatched Vulnerability : CVE-2026-8721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes...
CVE-2026-45303
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...
EUVD-2021-34816
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...
GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...
@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...
[SECURITY] Fedora 43 Update: php-8.4.21-1.fc43
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
AMD Processors 安全漏洞
AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, stemming from the TOCTOU issue. These vulnerabilities may allow attackers to repeatedly load registers, leading to race conditions and potentially causi...
PT-2026-41386
Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...
PT-2026-41342
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML rendering view. An attacker can execute arbitrary HTML or JavaScript in the user's context by injecting malicious scripts into embedded file in the chat that later shared...
camel-http: Apache Camel: Information disclosure and authentication bypass in embedded HTTP/management servers
A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...