20 matches found
GNU LibreDWG code issue vulnerability
GNU LibreDWG is a C language library for working with DWG files from the US GNU community. A code issue vulnerability exists in GNU LibreDWG version 0.14 and earlier versions, which stems from a null pointer dereference in the dwgnextentity function of the src/decode.c file in the DWG File Handle...
EUVD-2026-28410
Notepad Next is a cross-platform reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Summary (CVE-2024-52911): Bitcoin Core up to version 28.x contains a use-after-free memory safety vulnerability in the script validation engine. The issue can allow remote disruption or arbitrary code execution by sending specially crafted blocks with sufficient PoW, potentially crashing nodes o...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
PT-2026-37224
Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions 0.14 through 28.x Description: A high-severity memory safety issue exists in the script validation engine of the main node software. This use-after-free flaw—a type of memory corruption that occurs when a program continues...
CVE-2025-15535
CVE-2025-15535 affects nicbarker clay up to 0.14, specifically the Clay__MeasureTextCached function in clay.h. The vulnerability is a null pointer dereference that can be triggered locally, with exploitation details published publicly. Various sources (NVD, Red Hat, CIRCL, CVE lists) concur on th...
PT-2026-3383
A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be use...
PT-2025-38638
Name of the Vulnerable Software and Affected Versions: Starch versions 0.14 and earlier Description: Starch generates session IDs insecurely. The default session ID generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and internal Perl reference...
Starch security vulnerability
Starch is an HTTP session library by the individual developer Aran Clary. A security vulnerability exists in Starch 0.14 and earlier versions, which stems from insecure session ID generation and could lead to a session hijacking attack...
PT-2022-28275 · Tuf · Tuf
Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...
CVE-2022-36450
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...
PT-2018-13924
Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions 0.14.x through 0.14.2; Bitcoin Core versions 0.15.x through 0.15.1; Bitcoin Core versions 0.16.x through 0.16.2; Bitcoin Knots versions 0.14.x through 0.16.2 Description: The issue allows a remote denial of service, which c...
JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting
HTML::Scrubber is a Perl module for scrubbing/sanitizing HTML. HTML::Scrubber contains a cross-site scripting vulnerability (CWE-79). Impact: If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version...
The vulnerability of the CentOS operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the spice-gtk-devel-0.14 package on the CentOS operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...
The vulnerability of the CentOS operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the spice-gtk-python-0.14 package on the CentOS operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...
CentOS Update for python-qpid CESA-2012:1269 centos6
The remote host is missing an update for the...
Scientific Linux Security Update : qpid on SL6.x i386/x86_64 (20120919)
Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol (AMQP) in several common programming languages. It was discovered that the Qpid daemon (qpidd) did not allow the number of connections from clients to be restricted. A maliciou...