31 matches found
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SWSDfldsrch function. An attacker can execute arbitrary code or cause a denial of service by providing crafted input that triggers a heap-based buffer overflow. Remediation: Upgrade gdal to version 3.12....
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDnentries function. An attacker can execute arbitrary code or cause a denial of service by providing a specially crafted DataFieldName argument. Remediation: Upgrade gdal to version 3.12.4 or higher...
Align My Invisalign App Security Vulnerability
Align My Invisalign App is an application developed by Align Company, designed to support orthodontic treatment. Version 3.12.4 of Align My Invisalign App contains a security vulnerability, which stems from the use of hardcoded encryption keys for the parameter CDAACCESSTOKEN...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000830)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000830 advisory. The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtai...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001881)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001881 advisory. The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has be...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002205)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002205 advisory. The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure ha...
CVE-2025-67578
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...
CVE-2025-67578
CVE-2025-67578 : WordPress WP Email Capture plugin (wp-email-capture) <= 3.12.4 has a Missing Authorization flaw due to incorrectly configured access controls. This could allow unauthorized access/modification of data. The issue is documented as patched in Wordfence Intelligence; remediation i...
CVE-2025-67578 WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Email Capture: from n/a through <= 3.12.4...
EUVD-2025-25180
Malicious code in bioql PyPI...
EUVD-2024-2661
Malicious code in bioql PyPI...
MoonShine Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...
GHSA-8XFQ-7F6M-MPMF MoonShine Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-51488
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...
CVE-2022-33116
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform aka openeclass v3.12.4 and below allows attackers to read arbitrary files via a directory traversal...
CVE-2024-34343
Nuxt.js navigateTo is vulnerable to XSS due to faulty handling of the javascript: protocol. The issue stems from how Nuxt uses unjs/ufo for URL parsing: the sequence tests for a protocol, then parses with parseURL, but parsing javascript:alert(1) can return null/empty, and whitespace isn’t stripp...
CVE-2024-34343 Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to block the javascript: protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies. The function first...
Nuxt Security Vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...
Python Access Control Vulnerability (May 2024) - Windows
Python is prone to an access control vulnerability...