9 matches found

OSV
added 12 hours ago · 6 views

ROOT-OS-UBUNTU-2404-CVE-2025-68188 CVE-2025-68188 in rootio-linux - Patched by Root

Root has patched CVE-2025-68188 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5 CVSS · 5.4 AI score · 0.00166 EPSS
Exploits 0
Positive Technologies
added 2026/04/08 12:00 a.m. · 5 views

PT-2026-31269

Name of the Vulnerable Software and Affected Versions: Accept PayPal Payments using Contact Form 7 versions through 4.0.4. Description: A missing authorization issue exists in the ZealousWeb Accept PayPal Payments using Contact Form 7 (contact-form-7-paypal-extension), allowing exploitation of...

5.8 AI score · 0.00195 EPSS
Exploits 0 · References 4
OSV
added 2026/02/03 6:30 p.m. · 4 views

GHSA-73F3-RQQF-2J54 Apache Syncope: Console XXE on Keymaster parameters

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage. Th...

4.9 CVSS · 5.8 AI score · 0.00827 EPSS
Exploits 0 · References 4
OSV
added 2025/06/02 4:22 p.m. · 5 views

CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9 CVSS · 6.5 AI score · 0.00192 EPSS
Exploits 0 · References 4
SUSE CVE
added 2024/03/22 4:19 a.m. · 5 views

SUSE CVE-2023-41038

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...

7.5 CVSS · 6.9 AI score · 0.00658 EPSS
Exploits 0 · References 3
CNNVD
added 2023/05/11 12:00 a.m. · 25 views

Xpdf security vulnerability

Glyph & Cog Xpdf is an open source PDF file viewer from Glyph & Cog. A security vulnerability exists in Xpdf 4.04 and earlier versions, which stems from a loop of PDF objects embedded in the file tree that can lead to infinite recursion and a stack overflow...

5.5 CVSS · 6.4 AI score · 0.00305 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/05/11 12:00 a.m. · 7 views

PT-2023-20764 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.04 and earlier Description: A PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Recommendations: For Xpdf versions 4.04 and earlier, consider updating to a newer version to mitigate the...

9.1 CVSS · 6.6 AI score · 0.01618 EPSS
Exploits 22 · References 71
CNNVD
added 2022/04/12 12:00 a.m. · 2 views

fullpage.js cross-site scripting vulnerability

fullpage.js is an easy-to-use library for creating full-screen scrolling websites also known as single-page websites or mono-page websites and adding horizontal sliders to various parts of the website. A cross-site scripting vulnerability exists in fullpage.js prior to 4.0.4. No information about...

9.4 CVSS · 7 AI score · 0.00812 EPSS
Exploits 1 · References 3
OSV
added 2021/05/14 9:15 p.m. · 1 view

UBUNTU-CVE-2021-3402

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4...

9.1 CVSS · 7.4 AI score · 0.02219 EPSS
Exploits 1 · References 5