14 matches found
CVE-2026-10725
Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...
OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the...
CVE-2026-25155
CVE-2026-25155 affects Qwik-related packages where a typo in the isContentType regular expression caused improper parsing of Content-Type headers in related CSRF protection middleware (notably in qwik-city). Affected versions before 1.12.0 are vulnerable; the issue was patched in version 1.12.0. ...
EUVD-2025-202998
The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-1572
A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...
SUSE CVE-2024-54131
The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as launcher) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started...
DEBIAN-CVE-2020-6106
An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...
Unspecified Vulnerability in Software- und Organisations-Service SOS JobScheduler
Software- und Organisations-Service SOS JobScheduler is a suite of open source, enterprise-class scheduling and process automation software from Software- und Organisations-Service, Germany. A security vulnerability exists in the JOE Job Editor component of Software- und Organisations-Service SOS...
CVE-2020-5559
Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Red Hat CVS Command Injection Vulnerability
CVS is a free and open source version control system that can be used under a variety of Linux and Unix operating systems, and can also run on Microsoft Windows operating systems. A security vulnerability exists in CVS version 1.12.x. A remote attacker can exploit a repository with a specially...
PT-2017-3344
Name of the Vulnerable Software and Affected Versions: CVS versions 1.12.x; git-annex versions prior to 6.20170818. Description: The issue is related to the improper handling of data when interacting with a remote repository over SSH. This could allow a remote attacker to execute arbitrary code by...
DEBIAN-CVE-2016-5353
epan/dissectors/packet-umtsfp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...
Wireshark 'epan/packet.c' Remote Denial of Service Vulnerability
Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A security vulnerability exists in the dissector-table implementation in the epan/packet.c file in Wireshark versions 1.12.7 prior to 1.12.x. The vulnerability can be exploited to...
UBUNTU-CVE-2015-6243
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2)...