
21 matches found

Debian CVE
added 2026/05/19 5:44 p.m., 7 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

CVSS 6.5 | AI score 5.7 | EPSS 0.0001 | Exploits 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-11920

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.03359 | Exploits 2 | References 2
Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-3204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file...

CVSS 9.8 | AI score 6.9 | EPSS 0.00575 | Exploits 1 | References 2
RedhatCVE
added 2025/05/23 2:49 a.m., 2 views

CVE-2023-50856

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit –...

CVSS 7.6 | AI score 7.8 | EPSS 0.00139 | Exploits 0 | References 1
RedhatCVE
added 2025/05/23 12:32 a.m., 4 views

CVE-2022-30288

Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors...

CVSS 7.5 | AI score 7 | EPSS 0.00367 | Exploits 1 | References 1
RedhatCVE
added 2025/05/22 9:36 p.m., 2 views

CVE-2021-25008

The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...

CVSS 6.1 | AI score 6.3 | EPSS 0.03359 | Exploits 2 | References 1
Patchstack
added 2025/03/28 10:36 a.m., 1 view

WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Paid Member Subscriptions versions <= 2.14.3...

CVSS 6.5 | AI score 6.2 | EPSS 0.00277 | Exploits 0 | Affected Software 1
OSV
added 2024/11/14 12:0 a.m., 12 views

OPENSUSE-SU-2024:14493-1 icinga2-2.14.3-1.1 on GA media

These are all security issues fixed in the icinga2-2.14.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 9.5 | EPSS 0.24074 | Exploits 1 | References 2
OSV
added 2024/11/12 4:44 p.m., 13 views

CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...

CVSS 9.8 | AI score 6.7 | EPSS 0.24074 | Exploits 1 | References 10
OSV
added 2024/06/13 2:18 p.m., 12 views

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

CVSS 7.1 | AI score 6.5 | EPSS 0.00267 | Exploits 0 | References 4
Vulnrichment
added 2024/06/13 2:18 p.m., 20 views

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

CVSS 7.1 | AI score 6.6 | EPSS 0.00267 | Exploits 0 | References 2
CNNVD
added 2024/06/13 12:0 a.m., 1 view

CVAT Security Vulnerabilities

CVAT is an interactive video and image annotation tool for computer vision. A security vulnerability exists in CVAT Computer Vision Annotation Tool version 2.1.0 through versions prior to 2.14.3. An attacker can exploit the vulnerability to obtain sensitive information...

CVSS 8.5 | AI score 6.6 | EPSS 0.00284 | Exploits 0 | References 3
OSV
added 2024/04/02 10:15 p.m., 0 views

DEBIAN-CVE-2024-3204

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. Th...

CVSS 9.8 | AI score 7.1 | EPSS 0.00575 | Exploits 1 | References 1
OSV
added 2024/04/02 10:15 p.m., 2 views

DEBIAN-CVE-2024-3203

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVSS 9.8 | AI score 6.9 | EPSS 0.00575 | Exploits 1 | References 1
UbuntuCve
added 2024/04/02 10:15 p.m., 20 views

CVE-2024-3204

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. Th...

CVSS 9.8 | AI score 6.8 | EPSS 0.00575 | Exploits 1 | References 5
Vulnrichment
added 2024/04/02 10:0 p.m., 14 views

CVE-2024-3204 c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. Th...

CVSS 7.5 | AI score 7.1 | EPSS 0.00575 | Exploits 1 | References 5
OSV
added 2023/12/28 11:15 a.m., 1 view

CVE-2023-50856

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits. This issue affects Funnel Builder for WordPress by FunnelKit –...

CVSS 7.2 | AI score 7.3 | EPSS 0.00139 | Exploits 0 | References 1
Positive Technologies
added 2023/12/28 12:0 a.m., 3 views

PT-2023-31688 · WordPress · Funnelkit Funnel Builder

Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder for WordPress versions through 2.14.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitati...

CVSS 7.6 | AI score 7.8 | EPSS 0.00139 | Exploits 0 | References 6
vulnersOsv
added 2023/01/10 6:30 a.m., 2 views

@makerdao/testchain-client (>=0.0.1 <=0.3.0-beta.0) potentially affected by CVE-2021-46871 via phoenix_html (=2.14.3)

phoenix_html NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on phoenix_html and may be impacted: - @makerdao/testchain-client >=0.0.1, <=0.3.0-beta.0 Source cves: CVE-2021-46871 Source advisory: OSV:GHSA-5G2H-9X5V-5H3X...

CVSS 6.1 | AI score 6.3 | EPSS 0.00234 | Exploits 0
OpenVAS
added 2022/05/20 12:0 a.m., 13 views

WordPress Code Snippets Plugin <= 2.14.3 XSS Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 6.1 | AI score 6.4 | EPSS 0.00345 | Exploits 0 | References 2