26 matches found
SUSE-SU-2026:1952-1 Security update for ovmf
This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. - CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. - CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. - CVE-2026-34874: mbedtls: NULL...
CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service
SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
Adobe Substance3D Stager 缓冲区错误漏洞
Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated to the 3D scene set, lighting settings and high-quality rendering of professional software. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...
CVE-2026-23724
CVE-2026-23724 affects the WeGIA web manager. A Stored Cross‑Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in Attendido_idatendido f...
MiracleLinux 4 : firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4 (AXSA:2012-194:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-194:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...
CVE-2019-20221
In Support Incident Tracker SiT! 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page...
CVE-2019-20220
In Support Incident Tracker SiT! 3.67, the searchid parameter in the searchincidentsadvanced.php page is affected by XSS...
CVE-2023-4995
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2025-58648
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS.This issue affects Simple JWT Login: from n/a through = 3.6.4...
CVE-2025-6758
The CVE covers the Real Spaces – WordPress Properties Directory Theme for WordPress, vulnerable to unauthenticated privilege escalation via the imic_agent_register function in all versions up to 3.6. The flaw stems from insufficient restrictions on the registration role, allowing an attacker to s...
CVE-2025-31542
CVE-2025-31542 identifies an authenticated SQL Injection in the WordPress plugin My auctions allegro (free edition). Affected: My auctions allegro
DEBIAN-CVE-2024-25638
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0...
CVE-2024-25407
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service DoS by using the predicted transaction ID's to terminate other transactions...
SUSE-SU-2023:3778-1 Security update for wireshark
This update for wireshark fixes the following issues: - Wireshark update to v3.6.16. - CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash. bsc1214561 - CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop. bsc1214560 - CVE-2023-4513: Fixed a bug ...
Super Store Finder SQL Injection Vulnerability
Super Store Finder is an easy-to-use Google Maps API store finder program Super Store Finder by Super Store Finder. A security vulnerability exists in Super Store Finder version v.3.6, which stems from a vulnerability that allows a remote attacker to execute arbitrary code via a carefully crafted...
Super Store Finder SQL注入漏洞
Super Store Finder is an easy to use Google Maps API store finder program Super Store Finder by Super Store Finder. A SQL injection vulnerability exists in Super Store Finder version 3.6, which stems from an incorrect manipulation of the parameter products that can lead to sql injection...
SUSE CVE-2010-3399
The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...
OPENSUSE-SU-2022:0375-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop bsc1194166 - CVE-2021-4184: BitTorrent DHT dissector infinite loop bsc1194167 - CVE-2021-4183: pcapng file parser crash bsc1194168 - CVE-2021-4182: RFC 7468 file parser...
PT-2021-7872 · Offis +5 · Dcmtk +5
Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.6.7 Description: The issue is related to a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. This vulnerability is associated with errors in...