16 matches found
CVE-2026-24343 Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions
Improper Neutralization of Data within XPath Expressions 'XPath Injection' vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...
GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...
CVE-2025-59355
Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...
Linux Distros Unpatched Vulnerability : CVE-2021-29476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of Requests 1.6.0, 1.6....
GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification
Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...
CVE-2024-51569
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250
CVE-2024-47250 affects Apache NimBLE (through 1.7.0). The issue is an out-of-bounds read caused by missing validation of the HCI advertising report, which can trigger out-of-bound access while parsing HCI events and may generate bogus GAP “device found” events. The vulnerability requires a broken...
PT-2024-28621 · WordPress · Cooked
Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...
PT-2024-28620 · WordPress · Cooked
Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...
PT-2024-28617 · WordPress · Cooked
Name of the Vulnerable Software and Affected Versions: Cooked versions up to, and including, 1.7.15.4 Description: The Cooked plugin for WordPress is affected by a Cross-Site Request Forgery CSRF issue due to missing or incorrect nonce validation on the AJAX action handler. This could allow an...
PT-2024-28618 · WordPress · Cooked
Name of the Vulnerable Software and Affected Versions: Cooked plugin for WordPress versions up to, and including, 1.7.15.4 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the AJAX action handler. This could allow an attacker to...
PT-2023-25137 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0 Description: The issue is related to an SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This occurs in the toAuditCkSql method where the groupId...
PT-2023-5268 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0 Description: The issue affects Apache InLong, allowing an attacker to bypass the current logic and achieve arbitrary file reading by exploiting a deserialization of untrusted data vulnerability. This...
PT-2023-10204 · Unknown · Luelista Miniconf
Name of the Vulnerable Software and Affected Versions: luelista miniConf versions up to 1.7.6 Description: A vulnerability has been found in the component URL Scanning, affecting an unknown functionality of the file miniConf/MessageView.cs. The manipulation leads to denial of service...
PT-2019-12758 · Phpoffice · Phpoffice Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.8.0 Description: The issue arises from the XmlScanner decoding sheet1.xml from an .xlsx file to utf-8 if a different encoding is declared in the header. This was initially intended as a security...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of...