16 matches found
Astra Linux - уязвимость в openexr
A flaw was discovered in OpenEXR’s B44 uncompression functionality in versions prior to 3.0.0-beta. An attacker who can submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting the availability of the application...
CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
EUVD-2018-1911
Malware in sbrugna...
EUVD-2023-43684
Malicious code in bioql PyPI...
EUVD-2022-29927
Malicious code in bioql PyPI...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...
Strapi CMS Unauthenticated Password Reset
This module abuses the mishandling of a password reset request for Strapi CMS version 3.0.0-beta.17.4 to change the password of the admin user. Successfully tested against Strapi CMS version 3.0.0-beta.17.4. Module Options msf use auxiliary/scanner/http/strapi3passwordreset msf...
WordPress plugin BigBlueButton 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
BigBlueButton <= 3.0.0-beta.4 - Reflected XSS
Description The plugin does not sanitise and escape the username and tempentrypass parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2022-17167 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Beta Description: The issue allows an authenticated user to inject SQL queries through specific API endpoints, including '/index.php?m=settings&a=show' via the userID parameter, '/index.php?m=candidates&a=show' via the...
Strapi CMS 3.0.0-beta.17.4 Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...
AZL-44244 CVE-2021-3479 affecting package OpenEXR 2.3.0-6
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability...
UBUNTU-CVE-2021-3478
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability...
LIM OpenEXR Integer Overflow Vulnerability
OpenEXR is an open-standard, high dynamic range image format that is widely used in computer graphics to store image data, but can also store some data needed for post-synthesis processing. An integer overflow vulnerability exists in versions prior to LIM OpenEXR 3.0.0-beta, which can be exploite...
Authentication flaw
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any...
LimeSurvey Cross-Site Request Forgery Vulnerability
LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site request forgery vulnerability exists in Boxes in LimeSurvey version...