Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OIDC token exchange process. An attacker can obtain tokens for unauthorized clients or reuse expired authorization codes by submitting a valid authorization code with a different client ID or by using an...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via improper validation of the redirecturi parameter. An attacker can intercept authorization codes by crafting a malicious authorization link that leverages userinfo/host confusion, causing the code to be sent to an...
PT-2025-45057
Name of the Vulnerable Software and Affected Versions: LinkAce versions 2.3.1 and below. Description: LinkAce is a self-hosted archive to collect website links. The social media sharing functionality contains a Stored Cross-Site Scripting (XSS) issue that allows an authenticated user to inject arbitra...
CVE-2025-54539
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...
EUVD-2025-34726
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability...
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...
CVE-2025-54539 Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...
Arbitrary File Upload
Overview simogeo/filemanager is an open-source file manager. This package is DEPRECATED. Affected versions of this package are vulnerable to Arbitrary File Upload via the isallowedfiletype function. An attacker can achieve remote code execution by uploading a specially crafted PHP file. Remediati...
Arbitrary File Upload
Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Arbitrary File Upload via the LightningApp when running on a Windows host at the /api/v1/uploadfile/ endpoint. An attacker...
Security Bulletin: CVE-2021-23337
Summary: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Vulnerability Details: CVEID: CVE-2021-23337. DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command...
AZL-9852 CVE-2022-29217 affecting package python-jwt for versions less than 2.4.0-1
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...
PYSEC-2022-202
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...
PT-2022-7130 · Pypi · Pyjwt
Name of the Vulnerable Software and Affected Versions: PyJWT versions prior to 2.4.0 Description: The issue is related to the implementation of JWT in Python PyJWT, where an attacker can exploit the lack of restrictions on certain open key formats. This allows a remote attacker to impact the...
PT-2022-10721 · Eprosima · Eprosima Fast Dds
Name of the Vulnerable Software and Affected Versions: eProsima Fast DDS versions prior to 2.4.0 Description: The issue allows an attacker to send a specially crafted packet to flood a target device with unwanted traffic. This may result in a denial-of-service condition and information exposure...
PT-2021-17146 · Markdown2
Name of the Vulnerable Software and Affected Versions: markdown2 versions 1.0.1.18 through 2.3.x Description: The issue allows an attacker to cause a denial of service by providing a malicious string, making markdown2 processing difficult or delayed for an extended period. This occurs due to a...
PT-2023-17148 · Gpac
Name of the Vulnerable Software and Affected Versions: gpac/gpac versions prior to 2.4.0 Description: The issue is related to a Denial of Service in the GitHub repository gpac/gpac. Recommendations: For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue...