33 matches found
SUSE CVE-2026-41650
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the lack of exposure of the HMAC-SHA256 signing key in the SDK's typed API, which prevents verification of the X-AxonFlow-Signature header on incoming webhook deliveries. An attack...
Vision Helpdesk Security Vulnerability
Vision Helpdesk is a customer service software developed by Vision Helpdesk Company in India. Versions of Vision Helpdesk prior to 5.7.0 contained security vulnerabilities, which were caused by improper handling of serialized cookie data. This vulnerability could lead to the reading of user...
EUVD-2019-19315
Malware in sbrugna...
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2021-8163
Malicious code in bioql PyPI...
EUVD-2022-25171
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-1714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically,...
Linux Distros Unpatched Vulnerability : CVE-2022-1899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. CVE-2022-1899 Note that Nessus relies on the presence of the package as reported by th...
PT-2024-35740 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.7.0. Description: The issue is related to SQL injection in the EventAttendance.php file. An attacker can exploit this by manipulating the Event parameter, which is directly interpolated into the SQL query without proper...
Fault Injection
Overview: Affected versions of this package are vulnerable to Fault Injection through the RsaPrivateDecryption function. An attacker can disclose sensitive information and escalate privileges by exploiting the Rowhammer fault injection technique to manipulate the RsaKey structure. Remediation...
OPENSUSE-SU-2024:12173-1 radare2-5.7.0-1.1 on GA media
These are all security issues fixed in the radare2-5.7.0-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-HVXG-77MG-VRVP Mattermost Desktop App Remote Code Execution
Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
Mattermost Desktop App Remote Code Execution
Mattermost Desktop App versions =5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
PT-2024-26951 · Mattermost · Mattermost Desktop App
Name of the Vulnerable Software and Affected Versions: Mattermost Desktop App versions =5.7.0. Description: The issue allows for bypassing TCC restrictions on macOS due to the failure to disable certain Electron debug flags. Recommendations: For Mattermost Desktop App versions =5.7.0, update to a...
PT-2024-1246 · Microsoft +6 · Identity +6
Name of the Vulnerable Software and Affected Versions: Microsoft Identity versions prior to 5.7.0; Microsoft Identity versions prior to 6.34.0; Microsoft Identity versions prior to 7.1.2. Description: The issue is related to incorrect clearing or release of resources in the Microsoft Identity librar...
VulnCheck KEV: CVE-2021-27850
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...
WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
Software: Media File Renamer; Type: Plugin; Vulnerable versions: <= 5.6.9; Fixed in: 5.7.0; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-44991; Patch priority: Low; CVSS severity: Low 6.5; PSID: c8e129aba6bd; Credits: Joshu...
Knot Resolver < 5.7.0 DoS Vulnerability
Knot Resolver is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nic:knotresolver...
Cross site scripting
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later...