5 matches found
PYSEC-2025-88
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.Users are recommended to upgrade to version 2.0.5, which fixes the issue...
CVE-2025-48459
CVE-2025-48459 concerns Apache IoTDB, where deserialization of untrusted data could be exploited via attacker-controlled serialized objects. Affected: IoTDB 1.0.0 up to, but not including, 2.0.5. Reports across multiple sources describe potential ability to execute arbitrary code or alter server ...
PYSEC-2023-285
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...
PT-2023-16635 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.0.5 Description: The issue is related to Cross-site Scripting XSS - Reflected. This is a type of security vulnerability that occurs when an application includes user input in its output without proper...
PT-2019-14585 · Zulip · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip server versions prior to 2.0.5 Description: The issue concerns the Markdown parser in the Zulip server, which used a regular expression vulnerable to exponential backtracking. This could allow a logged-in user to send a crafted message,...