52133 matches found
SQL Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the remindMe.json.php file. An attacker can extract sensitive database contents or modify data by supplying crafted input to the livescheduleid...
AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification
Summary The plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application explicitly sets session.cookiesamesite=None on session cookies. This allows an...
Command Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via unsanitized input in the restreamer.json.php file. An attacker can execute arbitrary operating system commands with the privileges of the web...
@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling
Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...
MAL-2026-2200 Malicious code in json-lucide (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12d05056fbe7eca08a66d7297aac2b03763073361f0cb33c238a4463f64a0867 The package json-lucide was found to contain malicious code. Source: ghsa-malware 30298bc83e4bdadd246cfdec7006f865348448a5147e0a8258cd4d4feaf7b27f An...
Malicious code in json-lucide (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12d05056fbe7eca08a66d7297aac2b03763073361f0cb33c238a4463f64a0867 The package json-lucide was found to contain malicious code. Source: ghsa-malware 30298bc83e4bdadd246cfdec7006f865348448a5147e0a8258cd4d4feaf7b27f An...
Malicious Package
Overview json-lucide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE-SU-2026:1030-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
Security update for salt
This update for salt fixes the following issues: Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE-SU-2026:1029-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE-SU-2026:1028-1 Security update for salt
This update for salt fixes the following issues: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
SUSE-SU-2026:1012-1 Security update 5.0.7 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...
BIT-MYSQL-CLIENT-2026-32710 Heap-based Buffer Overflow in MariaDB
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...
BIT-MARIADB-2026-32710 Heap-based Buffer Overflow in MariaDB
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...
SUSE CVE-2026-27896
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags - a field tagged json:"method" would also match "Method", "METHOD", etc...
SUSE CVE-2026-30869
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double-encoded traversal sequences, an attacker can access sensitive files such as...
GHSA-XCX6-VP38-8HR5 Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException
Summary The object.tojson builtin function in Scriban performs recursive JSON serialization via an internal WriteValue static local function that has no depth limit, no circular reference detection, and no stack overflow guard. A Scriban template containing a self-referencing object passed to...
Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException
Summary The object.tojson builtin function in Scriban performs recursive JSON serialization via an internal WriteValue static local function that has no depth limit, no circular reference detection, and no stack overflow guard. A Scriban template containing a self-referencing object passed to...
Uncontrolled Recursion
Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...