11 matches found
UBUNTU-CVE-2026-54592
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...
BIT-APISIX-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup
Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...
CVE-2026-49871
CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...
PT-2026-50883
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...
CVE-2026-39969
TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...
ROOT-OS-ALPINE-317-CVE-2024-28182 CVE-2024-28182 in rootio-nghttp2 - Patched by Root
Root has patched CVE-2024-28182 in the rootio-nghttp2 package for Root:Alpine:3.17. Multiple fixed versions available...
WordPress plugin Smush Image Compression and Optimization 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
iperf 安全漏洞
iperf is an ESnet open source tool for actively measuring the maximum bandwidth achievable on an IP network. A security vulnerability exists in iperf version v3.17.1, which stems from a segment error in the iperfexchangeparameters function...
WordPress plugin Hack-Info 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2022-34938 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: The issue is related to a possible NULL dereference in the skb clone function. This problem was introduced in version v3.17 and is fixed in Linux Kernel version v6.0.6. The actual impact and...
UBUNTU-CVE-2020-15917
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...