269 matches found
CVE-2025-9649
A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calcsleeptime of the file sendpackets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version...
CVE-2025-9514
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...
CVE-2025-9514
Summary (CVE-2025-9514) : Macrozheng Mall versions up to 1.0.3 have a vulnerability in the Registration component. The flaw allows weak password requirements, potentially enabling unauthorized remote access. Exploitation is described as highly complex with difficult exploitability. The provided d...
PT-2025-34840 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A flaw exists in the Registration component of the software, impacting an unknown function. This issue results in weak password requirements, potentially allowing unauthorized access. The atta...
CVE-2025-8191
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
CVE-2025-6282 xlang-ai OpenAgents file.py create_upload_file path traversal
A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function createuploadfile of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...
CVE-2025-6282
The CVE-2025-6282 issue affects xlang-ai OpenAgents, specifically the create_upload_file function in backend/api/file.py, where a path traversal vulnerability is introduced. Multiple connected sources confirm the vulnerability is critical and that the exploit has been disclosed publicly, with Ope...
GHSA-7G45-4RM6-3MM3
creationtimestamp| type| source ---|---|--- 2025-06-16 19:47:05+00:00| seen| https://gist.github.com/safer-bot/76f63c635db1f22c29c431efd3dc847b 2025-06-16 20:08:28+00:00| seen| https://gist.github.com/safer-bot/3c07d6cb9d4d50c65b92850fe6b9f2d9 2025-06-17 11:01:06+00:00| seen|...
GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server
Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Management Console. An attacker can execute arbitrary code by injecting malicious input into the console. Remediation There is no fixed version for com.weibo:rill-flow. References - GitHub Issue...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the manipulation of the pathtoincludes argument. Remediation There is no fixed version for stb. References - GitHub Issue...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Open function of the file lmdeploy/docs/en/conf.py. An attacker can manipulate the input to execute arbitrary code by crafting malicious input that is processed by this function. Remediation There is...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the component grayfindcell. An attacker can cause a crash of the application by sending specially crafted inputs that trigger a segmentation violation. Remediation A fix was pushed into the master branch but...
GHSA-CF56-G6W6-PQQ2 Twisted vulnerable to HTML injection in HTTP redirect body
Summary The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting XSS in the redirect response HTML body. Details Twisted’s redirectTo functi...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the BerEncoderencodeLength function. Remediation There is no fixed version for libiec61850. References - GitHub Issue...
GHSA-927P-XRC2-X2GJ ansibleguy-webui Cross-site Scripting vulnerability
Impact Multiple forms in version = 0.0.21 References Report GitHub Issue 44...
GHSA-7PC3-PR3Q-58VG sagemaker-python-sdk Command Injection vulnerability
Impact The capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module before version 2.214.3 allows for potentially unsafe Operating System OS Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an...
sagemaker-python-sdk Command Injection vulnerability
Impact The capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module before version 2.214.3 allows for potentially unsafe Operating System OS Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an...
Divide By Zero
Overview Affected versions of this package are vulnerable to Divide By Zero due to the blendtransformedtiledargb.isra.0 function. An attacker can cause the application to crash by triggering a floating point exception. Remediation Upgrade lunasvg to version 2.4.1 or higher. References - GitHub...
GHSA-W5W5-8VFH-XCJQ whoami stack buffer overflow on several Unix platforms
With versions of the whoami crate = 0.5.3 and = 0.5.3 and 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the passwd struct on those platforms...