python-django: Potential SQL injection in QuerySet.values() and values_list()
A flaw was found in Django. The QuerySet.values() and QuerySet.values_list() methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...
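The mechanism behind that entry, as an added example that is not Django's code: the JSON key is safely bound as a query parameter for the lookup, but the column alias derived from the same key is spliced into the SQL as a quoted identifier, so a double quote inside the key closes the identifier and the rest of the key runs as SQL. The forbidden-character pattern used by the hardened builder is an assumption for this example, modelled on the shape of such checks rather than copied from any project.

```python
import re

# Hypothetical forbidden-character pattern for a SQL column alias (an assumption
# for this example, not Django's own code): quotes, brackets, semicolons,
# whitespace and comment markers can all break out of a quoted identifier.
FORBIDDEN_ALIAS = re.compile(r"['\"`\[\];\s]|--|/\*|\*/")


def check_alias(alias: str) -> None:
    """Reject an alias that could terminate the quoted identifier."""
    if FORBIDDEN_ALIAS.search(alias):
        raise ValueError(f"column alias {alias!r} contains forbidden characters")


def build_select_unchecked(table: str, column: str, json_key: str):
    """Vulnerable shape (constructed): the JSON key is bound as a parameter for
    the lookup, but the alias derived from it is spliced straight into the SQL
    with no validation, so a quote in the key closes the quoted identifier."""
    alias = f"{column}__{json_key}"
    sql = f'SELECT "{column}" -> %s AS "{alias}" FROM "{table}"'
    return sql, [json_key]


def build_select_checked(table: str, column: str, json_key: str):
    """Hardened shape: same query, but the alias is validated first."""
    alias = f"{column}__{json_key}"
    check_alias(alias)
    sql = f'SELECT "{column}" -> %s AS "{alias}" FROM "{table}"'
    return sql, [json_key]


def demo():
    """Run both builders on a constructed attacker-controlled key and return
    the injected SQL plus whether the checked builder rejected the key."""
    attacker_key = 'x" FROM "app_event"; DROP TABLE "app_event"; --'
    sql, _ = build_select_unchecked("app_event", "data", attacker_key)
    try:
        build_select_checked("app_event", "data", attacker_key)
        blocked = False
    except ValueError:
        blocked = True
    return sql, blocked


if __name__ == "__main__":
    injected_sql, blocked = demo()
    print(injected_sql)
    print("checked builder blocked it:", blocked)
```

The point to take from the vulnerable builder is that parameter binding protects only the value position; anything that lands in an identifier position (alias, column, table) needs its own validation or a strict allowlist, because drivers do not bind identifiers.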
WordPress plugin Click Mag security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it can be hosted on any server with PHP and MySQL. A WordPress plugin is an add-on application for the platform. A security vulnerability...
WordPress plugin ZoxPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it can be hosted on any server with PHP and MySQL. A WordPress plugin is an add-on application for the platform. A security...
OpenSearch Dashboards Reports security vulnerability
OpenSearch Dashboards Reports is an open source OpenSearch application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboards. A security vulnerability exists in OpenSearch Dashboards Reports version 2.19, which stems from the Dashboards Reports module containing a...
RHEL 8 : nodejs:20 (RHSA-2025:1351)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RHSA-2025:1351 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
GHSA-V3VC-6QCV-4VRX Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values. According to Coverity reports, the PLL checks compare 64-bit integers with 32-bit ones. Depending on the values of the variables, this may lead to underflow. The issue...
Astra Linux - vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...
CVE-2022-29208
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation-fault based denial of service. In multiple places throughout...
CVE-2022-29219
Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...
CVE-2022-41158
A remote code execution vulnerability exists in this builder program, which uses cookie values as file paths. A remote attacker could exploit the vulnerability to execute or inject malicious code...
CVE-2022-39218
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2022-39327
Azure CLI is the command-line interface for Microsoft Azure. In versions prior to 2.40.0, Azure CLI contains a potential code injection vulnerability. The critical scenarios are those where a hosting machine runs an Azure CLI command whose parameter values have been provided by an external source. T...
CVE-2024-21522
All versions of the package audify are vulnerable to Improper Validation of Array Index: the frameSize argument passed to the OpusDecoder.decode and OpusDecoder.decodeFloat methods is not checked for negative values. This can lead to a process crash...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.8
Red Hat OpenShift Service Mesh Containers for 2.5.8. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
Mobile Security Framework cross-site scripting vulnerability
Mobile Security Framework (MobSF) is an open source, automated, all-in-one mobile application security framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. Mobile Security Framework MobSF suffers...
GO-2025-3433 Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd
Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd...
GO-2025-3437 Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine
Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-3431 kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest
kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest...
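The three Go advisories above (GO-2025-3433, GO-2025-3437 and GO-2025-3431) share one failure mode: a Kubernetes Secret is echoed into an error message or an audit log with its values intact. The scrubbing below is an added example written for this page, not code from Argo CD, gitops-engine or kube-audit-rest. The placeholder string, the function names and the sample manifest are assumptions; dropping the last-applied-configuration annotation is an added precaution, since that annotation embeds the whole manifest including the values.

```python
import copy
import json

REDACTED = "++++++++"
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def scrub_secret(obj: dict) -> dict:
    """Return a copy of a Kubernetes object with Secret values removed.

    Non-Secret objects are returned unchanged. For Secrets, every entry in
    `data` and `stringData` is replaced by a placeholder, and the
    last-applied-configuration annotation (which embeds the whole manifest,
    values included) is dropped. The input object is never mutated."""
    if obj.get("kind") != "Secret":
        return obj
    scrubbed = copy.deepcopy(obj)
    for field in ("data", "stringData"):
        values = scrubbed.get(field)
        if isinstance(values, dict):
            scrubbed[field] = {key: REDACTED for key in values}
    annotations = scrubbed.get("metadata", {}).get("annotations")
    if isinstance(annotations, dict):
        annotations.pop(LAST_APPLIED, None)
    return scrubbed


def format_patch_error(obj: dict, err: str) -> str:
    """Build an error message that quotes the object without leaking secrets.
    This is the line a patch or audit path should call before logging."""
    body = json.dumps(scrub_secret(obj), sort_keys=True)
    return f"error applying patch {body}: {err}"


# Constructed sample manifest for the demo; the value is base64 of "hunter2".
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {
        "name": "db-creds",
        "namespace": "prod",
        "annotations": {LAST_APPLIED: '{"data":{"password":"aHVudGVyMg=="}}'},
    },
    "data": {"password": "aHVudGVyMg=="},
    "stringData": {"username": "app"},
}


if __name__ == "__main__":
    print(format_patch_error(SAMPLE_SECRET, "the object has been modified"))
```

Two checks worth keeping in mind when adapting this: `stringData` must be scrubbed as well as `data`, because it carries plaintext rather than base64, and the scrubbing has to happen on the object that is about to be formatted, not on a copy kept elsewhere, or the unredacted version still reaches the log.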
Class Pollution
Overview django-unicorn is a magical full-stack framework for Django. Affected versions of this package are vulnerable to Class Pollution in the set_property_value function. An attacker can manipulate the Python runtime environment and trigger unintended behaviors by providing malicious values i...
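What class pollution looks like in Python, as an added example that is not django-unicorn's code: a hypothetical setter follows a user-supplied dotted attribute path with getattr and writes the leaf with setattr. Because `__class__` is reachable through getattr, the path can climb from an instance to its class and overwrite a class attribute shared by every instance. The classes, function names and the `settings.__class__.debug` path are all constructed for this example; the hardened version refuses any segment that is not a plain public identifier.

```python
class Settings:
    """Hypothetical settings object; `debug` is a class attribute shared by
    every instance, which is exactly what class pollution targets."""

    debug = False


class Component:
    """Hypothetical component whose public attributes an action may update."""

    def __init__(self):
        self.name = "demo"
        self.settings = Settings()


def _walk(obj, parts):
    """Follow a list of attribute names from obj."""
    target = obj
    for part in parts:
        target = getattr(target, part)
    return target


def set_property_value_unsafe(obj, dotted_path, value):
    """Vulnerable shape (constructed for this example): any dotted path is
    followed with getattr, including dunder attributes such as __class__,
    and the leaf is written with setattr."""
    *parents, leaf = dotted_path.split(".")
    setattr(_walk(obj, parents), leaf, value)


def set_property_value_safe(obj, dotted_path, value):
    """Hardened shape: every segment must be a plain public identifier, and the
    leaf must already exist on the target, so the path cannot climb to a class
    or module object or create new attributes."""
    parts = dotted_path.split(".")
    for part in parts:
        if not part.isidentifier() or part.startswith("_"):
            raise ValueError(f"refusing attribute segment {part!r}")
    *parents, leaf = parts
    target = _walk(obj, parents)
    if not hasattr(target, leaf):
        raise ValueError(f"unknown attribute {leaf!r}")
    setattr(target, leaf, value)


def demo_pollution():
    """Returns True when the unsafe setter changed Settings.debug for every
    instance, not just the one component that was being updated."""
    comp = Component()
    set_property_value_unsafe(comp, "settings.__class__.debug", True)
    polluted = Settings().debug  # a fresh, unrelated instance now has debug=True
    Settings.debug = False  # restore the class for the rest of the demo
    return polluted


def demo_blocked():
    """Returns True when the safe setter rejects the same path and the class
    attribute is left untouched."""
    comp = Component()
    try:
        set_property_value_safe(comp, "settings.__class__.debug", True)
    except ValueError:
        return Settings.debug is False
    return False


def demo_legitimate():
    """A normal update still works and only touches the instance: returns the
    instance value and the class value after the write."""
    comp = Component()
    set_property_value_safe(comp, "settings.debug", True)
    return comp.settings.debug, Settings.debug


if __name__ == "__main__":
    print("unsafe setter polluted the class:", demo_pollution())
    print("safe setter blocked the path:", demo_blocked())
    print("safe setter on a normal path (instance, class):", demo_legitimate())
```

Rejecting segments that start with an underscore is the single most effective control here, because `__class__`, `__dict__`, `__globals__` and `__init__` are the usual stepping stones from an instance to something process-wide; the `hasattr` check on the leaf is a second layer that stops the setter from creating attributes the component never declared.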