protobuf.js 输入验证错误漏洞

protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fs: Relaxing the assertions when encoding file handles fails Encoding file handles is typically performed via a filesystem method called encodefh, which may fail for various reasons. Legacy users of exportfsencodefh—such as nfsd...

CVE-2025-66606

CVE-2025-66606 affects Yokogawa FAST/TOOLS (R9.01–R10.04) with multiple packages listed (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB). The vulnerability arises from improper URL encoding, enabling an attacker to tamper with web pages or execute malicious scripts. Connected sources confirm the affected ...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

fs: relax assertions on failure to encode file handles

...

CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unnecessary warning in the exportfsencodefh function when encoding a file handle fails...

CVE-2024-2594

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an...

SAP NetWeaver Enterprise Portal 跨站脚本漏洞

SAP NetWeaver Enterprise Portal is a Web front-end component of SAP NetWeaver from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, which stems from a failure to adequately encode user-controlled inp...

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

SAP Enterprise Portal 跨站脚本漏洞

SAP Enterprise Portal is an application from SAP, Germany. A comprehensive integration and application platform that facilitates the alignment of people, information, and business processes across organizational and technological boundaries. A cross-site scripting vulnerability exists in SAP...

GHSA-CMGW-8VPC-RC59 Segfault on strings tensors with mistmatched dimensions, due to Go code

Impact Under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method...

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-314

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

PYSEC-2021-314

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

CVE-2021-37692

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability (CNVD-2019-34406)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

CVE-2019-0374

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...