
21 matches found

Positive Technologies
added 2026/04/21 12:0 a.m. · 0 views

PT-2026-34226

Name of the Vulnerable Software and Affected Versions: F Prime versions prior to 4.2.0 Description: An integer overflow occurs during a bounds check where the addition of byteOffset and dataSize wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a fil...

9.8 CVSS · 6.6 AI score · 0.00162 EPSS
Exploits 0 · References 6
VulnCheck KEV
added 2026/03/09 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

9.8 CVSS · 5.8 AI score · 0.89078 EPSS
In wild · Exploits 7 · References 27
GitHub Security Blog
added 2026/02/19 7:32 p.m. · 6 views

jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

Impact: User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which a...

8.1 CVSS · 5.8 AI score · 0.00042 EPSS
Exploits 1 · References 5 · Affected Software 1
Tenable Nessus
added 2026/02/08 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-15564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The...

5.5 CVSS · 5.2 AI score · 0.00009 EPSS
Exploits 1 · References 3
EUVD
added 2026/01/26 10:21 p.m. · 1 views

EUVD-2026-4729

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. OAuthSession creates a unique "state" and sends it as a parameter in the authentication request bu...

5.9 AI score · 0.00007 EPSS
Exploits 0 · References 3
CVE
added 2025/11/26 8:45 a.m. · 16 views

CVE-2025-62728

CVE-2025-62728 (Apache Hive) : SQL injection in the Hive Metastore Server (HMS) when handling delete column statistics via Thrift APIs. Exploitation is limited to trusted/authorized callers with direct Thrift access; in typical deployments HMS is not publicly exposed and the issue is mitigated if...

5.4 CVSS · 7.8 AI score · 0.0012 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2025/10/28 2:15 p.m. · 2 views

CVE-2025-53855

An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS · 0.00034 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/10/10 12:0 a.m. · 3 views

PT-2025-41597

Name of the Vulnerable Software and Affected Versions: Sinatra versions prior to 4.2.0 Description: Sinatra, a domain-specific language for creating web applications in Ruby, contains an issue where carefully crafted input can cause excessive processing time during the parsing of If-Match and...

6.9 CVSS · 6.6 AI score · 0.00434 EPSS
Exploits 1 · References 17
OSV
added 2025/04/04 11:15 a.m. · 1 views

CVE-2025-3241

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the...

9.8 CVSS · 4.9 AI score
Exploits 0 · References 4
CNNVD
added 2025/03/31 12:0 a.m. · 2 views

youkefu Code Issue Vulnerability

youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu version 4.2.0, which stems from an incorrect manipulation of the parameter url that can lead to server-side request forgery...

8.8 CVSS · 6.5 AI score · 0.00224 EPSS
Exploits 1 · References 1
CNNVD
added 2025/02/24 12:0 a.m. · 1 views

MITRE Caldera Security Vulnerability

MITRE Caldera is a MITRE open source automated adversarial simulation platform. A security vulnerability exists in MITRE Caldera versions 4.2.0 and earlier and 5.0.0 and earlier, which stems from remote code execution in the Dynamic Proxy Compilation feature and allows an attacker to execute...

10 CVSS · 8.9 AI score · 0.26335 EPSS
Exploits 2 · References 7
OSV
added 2024/12/09 1:15 p.m. · 0 views

CVE-2023-51360

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1
PyPA
added 2024/01/30 4:15 p.m. · 4 views

PYSEC-2024-31

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

3.7 CVSS · 6.8 AI score · 0.0022 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/01/03 8:15 a.m. · 0 views

UBUNTU-CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file...

7.8 CVSS · 7 AI score · 0.00034 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/01/03 12:0 a.m. · 1 views

PT-2024-15387 · Wireshark +1

Name of the Vulnerable Software and Affected Versions: Wireshark version 4.2.0 Description: The issue allows for denial of service via packet injection or crafted capture file, specifically affecting the Zigbee TLV dissector in Wireshark. Recommendations: For Wireshark version 4.2.0, update to a...

7.8 CVSS · 7.8 AI score · 0.02494 EPSS
Exploits 9 · References 77
CNNVD
added 2023/03/14 12:0 a.m. · 3 views

SAP BusinessObjects Business Intelligence Platform Code Issue Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and enable fast, ea...

7.5 CVSS · 7.5 AI score · 0.00347 EPSS
Exploits 0 · References 3
CNNVD
added 2022/09/16 12:0 a.m. · 2 views

Pixel&tonic Craft CMS Cross-Site Scripting Vulnerability

Pixel & tonic Craft CMS is a content management system (CMS) from the US company Pixel & tonic. A cross-site scripting vulnerability exists in Craft CMS version 4.2.0.1, which stems from a security issue in the src/helpers/Cp.php page...

5.4 CVSS · 5.4 AI score · 0.00323 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/08/29 11:15 p.m. · 2 views

CVE-2022-36558

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...

9.8 CVSS · 7.3 AI score · 0.00456 EPSS
Exploits 0 · References 3
CNNVD
added 2022/08/29 12:0 a.m. · 1 views

Seiko Solutions SkyBridge MB-A100/A110 Command Injection Vulnerability

The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which is caused by a command injection in the Ping parameter in pingexec.cgi...

9.8 CVSS · 7.4 AI score · 0.02152 EPSS
Exploits 0 · References 3
OSV
added 2022/07/12 9:15 p.m. · 0 views

CVE-2022-31598

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity o...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2