11 matches found
JLSEC-2026-144
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...
CVE-2025-13003
CVE-2025-13003 describes an Authorization Bypass Through User-Controlled Key in AxOnboard (Aksis Computer Services and Consulting Inc.), affecting version 3.2.0 up to 3.3.0. The root cause is not detailed beyond the user-controlled key enabling exploitation of trusted identifiers. Documented impa...
Aksis AxOnboard Security Vulnerability
Aksis AxOnboard is a human resource management software from the Turkish company Aksis. A security vulnerability exists in Aksis AxOnboard version 3.2.0 up to and including version 3.3.0, which originates from a user-controllable key leading to an authorization bypass that could exploit trusted...
CVE-2020-5026
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
SUSE CVE-2021-39921
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...
PT-2022-3726
Name of the Vulnerable Software and Affected Versions: Apache Spark versions 3.0.3 and earlier; Apache Spark versions 3.1.1 to 3.1.2; Apache Spark versions 3.2.0 to 3.2.1. Description: The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an...
com.aerse:gcless (=11.2), com.aerse:spring-security-taglib (=1.1) +344 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.2.0.RELEASE <=3.2.1.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.2.0.RELEASE, =3.3.2, =1.0.6, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =1.8.2, =1.8.3 and more Source cves: CVE-2014-0097 Source advisory: OSV:GHSA-GV9V-C375-HVMG...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.0.1) +71 more potentially affected by CVE-2022-28347 via django (>=3.2.0 <=3.2.12)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =6.4.1 - coldfront =1.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...
0x-hunter-core (>=1.0.0-33 <=1.0.0-38), 1155-to-20 (>=1.0.0 <=1.0.2) +2709 more potentially affected by CVE-2021-46320 +1 more via @openzeppelin/contracts (>=3.2.0 <=4.4.0)
@openzeppelin/contracts NPM version =3.2.0, =1.0.0-33, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.9.1, =3.24.7, =1.7.2, =3.10.3, =0.0.2, =1.4.1, =1.0.0, =1.12.0 - @0xkkkkkkkkkkkkkkk/dodo =2.0.1 and more Source cves: CVE-2021-46320, CVE-2022-39384 Source advisory: OSV:GHSA-9C22-PWXW-P6HX...
aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1097 more potentially affected by CVE-2021-35042 via django (>=3.2.0 <=3.2.4)
django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-35042 Source advisory: OSV:GHSA-XPFP-F569-Q3P2...
com.feelercloud:esap-mesh (=2.0.32), com.github.arucard21.simplyrestful:simplyrestful-jetty (=0.5) +439 more potentially affected by CVE-2018-8039 via org.apache.cxf:cxf-rt-transports-http (>=3.2.0 <=3.2.4)
org.apache.cxf:cxf-rt-transports-http MAVEN version =3.2.0, =0.0.1, =1.0.3, =1.0.3, =1.0.0.RELEASE, =2.6.0, =2.0.0, =1.3.0-RELEASE, =2.0.1-RELEASE - de.alpharogroup:gen-db-core =0.9.3 - de.alpharogroup:gen-db-sources =0.9.3 and more Source cves: CVE-2018-8039 Source advisory: OSV:GHSA-JC7R-V6FG-2...