13 matches found
XMLDOM 安全漏洞
XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...
CVE-2026-41673
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...
CLEANSTART-2026-CE02533 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2025-62820, CVE-2026-30836, CVE-2026-33186, ghsa-p77j-4mvh-x3m3, ghsa-q4r8-xm5f-56gw applied in versions: 0.10.1-r0, 0.9.10-r0, 0.9.9-r0, 0.9.9-r1
Multiple security vulnerabilities affect the step-issuer package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-11287 samanhappy MCPHub sseService.ts handleSseConnectionfunction improper authentication
A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available...
CVE-2025-53013
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...
SUSE CVE-2025-53013
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...
Himmelblau 授权问题漏洞
Himmelblau is an Azure Entra ID authentication module open-sourced by Himmelblau. An authorization issue vulnerability exists in Himmelblau versions 0.9.10 to 0.9.16, which stems from an invalid Linux Hello PIN authentication that can be used while offline...
WordPress plugin Spiritual Gifts Survey 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-22797 · Apache +1 · Apache Guacamole +1
Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 0.9.10 through 1.5.1 Description: The issue allows an attacker to execute arbitrary code with the privileges of the guacd process, depending on timing, as Apache Guacamole may continue to reference a freed RDP audio...
SUSE CVE-2006-3631
Unspecified vulnerability in the SSH dissector in Wireshark aka Ethereal 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service infinite loop via unknown attack vectors...
org.apache.guacamole:guacamole-ext (>=0.9.10-incubating <=0.9.14) potentially affected by CVE-2018-1340 via org.apache.guacamole:guacamole-common (>=0.9.10-incubating <=0.9.14)
org.apache.guacamole:guacamole-common MAVEN version =0.9.10-incubating, =0.9.10-incubating, =0.9.14 Source cves: CVE-2018-1340 Source advisory: OSV:GHSA-WR7R-VG3C-54R5...
GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack. The pamakesecuredir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd- temporary file. Remediation...