11 matches found
CVE-2026-14178
openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...
PT-2026-36988
Name of the Vulnerable Software and Affected Versions Axios versions 1.0.0 through 1.15.1 Description Axios is a promise-based HTTP client for the browser and Node.js. The HTTP adapter reads five configuration properties—auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser—via direct...
PT-2025-52408
Name of the Vulnerable Software and Affected Versions ABB T-MAC Plus version 4.0-24 Firebox affected versions not specified Description ABB T-MAC Plus is affected by improper neutralization of input during web page generation, which leads to cross-site scripting XSS, a condition where malicious...
Fortinet Issues Fixes as FortiWeb Takeover Flaw Sees Active Attacks
Two FortiWeb vulnerabilities, including a critical unauthenticated bypass CVE-2025-64446, are under attack. Check logs for rogue admin accounts and upgrade immediately...
Debian dsa-6026 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6026 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6026-1 [email protected] https://www.debian.org/security/...
EUVD-2025-25425
Malicious code in bioql PyPI...
EUVD-2024-2240
Malicious code in bioql PyPI...
CVE-2025-34158
Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...
CVE-2022-34381
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted...
UBUNTU-CVE-2022-39290
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CS...
CVE-2021-43099
An Archive Extraction AKA "Zip Slip vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal...