15 matches found
Yamaha SR-B30A Security Vulnerability
The Yamaha SR-B30A is a bar-style audio device produced by the Japanese company Yamaha. Version 2.40 of the Yamaha SR-B30A contains a security vulnerability. This vulnerability stems from the Bluetooth low-power control interface, which allows unauthorized connections without authentication. This...
PT-2026-30816
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2. Description: Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...
Unauthorized npm publish of [email protected] with modified postinstall script
Description: On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...
CVE-2025-70310
A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file...
CVE-2025-49975 WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0...
CVE-2022-41964
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll...
Microsoft Azure Operating System Command Injection Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An operating system command injection vulnerability exists in Microsoft Azure CLI versions prior to 2.40.0, which originates from a host running Azure CLI commands where the parameter...
complaintclassify (=0.0.9) potentially affected by CVE-2021-29542 via tensorflow-cpu (=2.4.0)
tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29542 Source advisory: OSV:GHSA-4HRH-9VMP-2JGG...
OpenJPEG integer overflow vulnerability (CNVD-2021-30596)
OpenJPEG is an open source JPEG 2000 codec written in C. An integer overflow vulnerability exists in OpenJPEG version v2.4.0. An attacker can exploit the vulnerability by using the command line option "-ImgDir" on a directory containing 1048576 files to crash the program...
PT-2020-4581 · Adobe · Magento Commerce
Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.3.4 and earlier Magento Commerce version 2.4.0 Description: The issue exists due to insufficient input validation, potentially allowing a remote attacker to access confidential information. In maintenance mode, an...
Chat Anywhere extension for Chrome cross-site scripting vulnerability
Chat Anywhere extension for Chrome is an online chat plugin for use in Google Chrome. A cross-site scripting vulnerability exists in the Chat Anywhere extension for Chrome version 2.4.0, which stems from the danmuWrapper DIV element in the chatbox-only\danmu.js file being out of the scope of the...
CVE-2017-13993
An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path...
XnView Classic for Windows Arbitrary Code Execution Vulnerability (CNVD-2017-32592)
XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A security vulnerability exists in version 2.40 of XnView Classic for Windows...
UBUNTU-CVE-2017-13766
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...
XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14515)
XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...