7 matches found
CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files
SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
PT-2024-28615 · Apache · Apache Pinot
Name of the Vulnerable Software and Affected Versions: Apache Pinot versions 0.1 through 1.0.0 Description: The issue affects Apache Pinot, allowing the exposure of sensitive information to unauthorized actors. When a request is made to the /appconfigs path, it can lead to the disclosure of syste...
PT-2023-10323 · Composer · Composer
Name of the Vulnerable Software and Affected Versions: Composer versions through 1.0.0-alpha11 Description: The issue allows cache poisoning from other projects built on the same host, resulting in attacker-controlled code entering a server-side build process. This occurs because of the way that...
PT-2023-10125 · Agnivade · Easy-Scrypt
Name of the Vulnerable Software and Affected Versions: agnivade easy-scrypt versions prior to 1.0.0 Description: A vulnerability was found in agnivade easy-scrypt, affecting the VerifyPassphrase function of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexit...
PT-2023-10197 · Unknown · Dbrisinajumi D2Files
Name of the Vulnerable Software and Affected Versions: DBRisinajumi d2files versions prior to 1.0.0 Description: A critical vulnerability has been found in DBRisinajumi d2files, affecting the actionUpload/actionDownloadFile function of the file controllers/D2filesController.php. This vulnerabilit...
PT-2022-18347 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered, which can be triggered by a crafted packet via the function sub 12168. Recommendations: For versions...