20 matches found
CVE-2026-40242 Arcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation...
SUSE CVE-2026-31973
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...
CVE-2026-32709
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...
CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...
EUVD-2025-208437
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-58927 WordPress Stallion theme <= 1.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...
WordPress plugin Soleil 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-52078
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...
CVE-2025-58691
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis Club Lite: from n/a through = 1.17...
CVE-2025-58224 WordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0...
SUSE CVE-2025-51480
Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...
libheif Security Vulnerabilities
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. A security vulnerability exists in libheif version v1.17.5, which stems from the discovery of a containment segmentation violation via the function UncompressedImageCodec::decodeuncompressedimage...
DEBIAN-CVE-2023-5176
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 118, Firefox ESR...
Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...
PT-2023-10345 · Dd-Plist · Dd-Plist
Name of the Vulnerable Software and Affected Versions: 3breadt dd-plist version 1.17 Description: A vulnerability was found in the software, classified as problematic, affecting some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached...
CVE-2022-37144
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user...
PT-2022-4638 · Go +9 · Compress/Gzip +9
Name of the Vulnerable Software and Affected Versions: compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be...
PYSEC-2022-211
Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...
JetBrains Toolbox Data Forgery Issue Vulnerability
JetBrains Toolbox is a JetBrains product management application from the Czech company JetBrains. A security vulnerability exists in version 1.17 of JetBrains ToolBox prior to 1.17.6856. No details of the vulnerability are provided at this time...
PT-2008-6280 · Os-Prober +1 · Os-Prober +1
Name of the Vulnerable Software and Affected Versions: os-prober version 1.17 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/mounted-map or /tmp/raided-map temporary file. The vendor disputes this issue, stating that the insecure code path...