19 matches found
Amazon::Credentials Security Feature Issue Vulnerability
Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...
GHSA-7FQQ-Q52P-2JJG OpenCC has an Out-of-bounds read when processing truncated UTF-8 input
Summary: OpenCC versions before 1.2.0 contain two CWE-125: Out-of-bounds Read issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not excee...
Gravitl Netmaker Security Vulnerability
Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.2.0 contained a security...
Linux Distros Unpatched Vulnerability : CVE-2025-58052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group...
Galette Security Vulnerability
Galette is an open source membership management web application for non-profit organizations. A security vulnerability exists in Galette versions prior to 1.2.0, which stems from elevated privileges that can be granted through a spoofed POST request...
PT-2025-52454
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...
Linux Distros Unpatched Vulnerability : CVE-2017-5929
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. CVE-2017-5929 Note that Nessus...
Dalmann OCPP.Core Security Vulnerability
Dalmann OCPP.Core is an OCPP (Open Charge Point Protocol) server written in .NET 6 by Ulrich Individual Developers. A security vulnerability exists in Dalmann OCPP.Core versions prior to 1.2.0, which stems from the server mishandling StartTransaction messages containing additional, arbitrary, or...
SwiftyEdit CMS Cross-Site Request Forgery Vulnerability
SwiftyEdit CMS is an open source content management platform. A cross-site request forgery vulnerability exists in versions of SwiftyEdit CMS prior to v1.2.0, which stems from vulnerability to cross-site request forgery (CSRF) attacks...
PT-2023-32404 · Unknown · Pkp/Customlocale
Name of the Vulnerable Software and Affected Versions: pkp/customLocale versions prior to 1.2.0-1. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the GitHub repository pkp/customLocale. CSRF is an attack that tricks a user into performing unintended actions on a web...
PT-2023-24765 · Unknown · Cloudexplorer Lite
Name of the Vulnerable Software and Affected Versions: cloudexplorer-lite versions prior to 1.2.0. Description: The issue is related to weak passwords that can be easily guessed, making them an easy target for brute force attacks. This can lead to an authentication system failure and compromise...
PT-2023-23880 · Videolan +3 · Dav1D +3
Name of the Vulnerable Software and Affected Versions: VideoLAN dav1d versions prior to 1.2.0. Description: The issue is related to a thread_task.c race condition that can lead to an application crash. This condition is associated with the dav1d_decode_frame_exit function. Recommendations: For...
Apache Sling Security Vulnerability
Apache Sling is an open source web framework for the Java platform from the Apache Foundation (United States). It is designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit. A security vulnerability exists in Apache Sling Resource Merger...
SUSE CVE-2015-20001
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory...
PT-2022-13779 · Trudesk · Trudesk
Name of the Vulnerable Software and Affected Versions: trudesk versions prior to 1.2.0. Description: The issue allows attackers to execute malicious scripts in the user's browser, potentially leading to session hijacking, sensitive data exposure, and other consequences. This is achieved through...
CVE-2021-27377
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free...
Nextcloud Extract App OS Command Injection Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Extract App is a compressed file extractor. An operating system command injection vulnerability exists in Nextcloud Extract App versions prior to 1.2.0. The...
DEBIAN-CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color...
Sensu Core Information Disclosure Vulnerability
Sensu Core is a business system monitoring platform from Sensu Corporation. The platform is capable of monitoring servers, services, application network devices, and other remote resources. A security vulnerability exists in the 'Sensu::Utilities.redact_sensitive' function in Sensu Core...