18 matches found

CNNVD
added 2026/04/27 12:0 a.m. · 7 views

Binwalk path traversal vulnerability

Binwalk is a fast and easy-to-use tool open sourced by ReFirm Labs. It is used for analysis, reverse engineering, and extracting firmware images. Binwalk versions 2.4.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of the parameter self.filena...

5.3 CVSS · 6 AI score · 0.0002 EPSS
Exploits 0 · References 1
CNNVD
added 2026/01/22 12:0 a.m. · 4 views

WordPress plugin Homey Core has a cross-site scripting vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2025/12/23 1:4 p.m. · 3 views

CVE-2025-13183

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hotech Software Inc. Otello allows Stored XSS. This issue affects Otello: from 2.4.0 before 2.4.4...

7.3 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/11/06 12:0 a.m. · 1 views

WordPress plugin WooCommerce Store Toolkit security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...

7.5 CVSS · 6.6 AI score · 0.00113 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25518

Malicious code in bioql PyPI...

4.3 CVSS · 6.5 AI score · 0.00026 EPSS
Exploits 0 · References 1
Patchstack
added 2025/09/22 7:34 p.m. · 3 views

WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Printcart Web to Print Product Designer for WooCommerce versions <= 2.4.7...

4.3 CVSS · 6.7 AI score · 0.00039 EPSS
Exploits 0 · Affected Software 1
NVD
added 2025/04/15 12:15 p.m. · 8 views

CVE-2025-26744

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows DOM-Based XSS. This issue affects JetBlog: from n/a through <= 2.4.3...

6.5 CVSS · 0.00291 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-31684 · Stylemixthemes · Stylemixthemes Booking Calendar

Name of the Vulnerable Software and Affected Versions: StylemixThemes Booking Calendar | Appointment Booking | BookIt versions n/a through 2.4.3. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allo...

7.6 CVSS · 7.8 AI score · 0.00139 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/04/18 11:25 p.m. · 1 views

SUSE CVE-2019-3773

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...

9.8 CVSS · 9.8 AI score · 0.00305 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:47 a.m. · 2 views

SUSE CVE-2017-7522

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by an authenticated remote attacker via sending a certificate with an embedded NULL character...

6.5 CVSS · 6.9 AI score · 0.00522 EPSS
Exploits 0 · References 3
Cvelist
added 2022/08/16 7:43 p.m. · 21 views

CVE-2022-34258 Adobe Commerce Stored XSS Arbitrary code execution

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

4.8 CVSS · 4.8 AI score · 0.16184 EPSS
Exploits 0 · References 1
PyPA
added 2021/08/12 10:15 p.m. · 4 views

PYSEC-2021-759

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses `ValidateInputs` to check that the input arguments are vali...

7.8 CVSS · 7.2 AI score · 0.0003 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/08/12 9:15 p.m. · 0 views

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The implementation has an incomplete validation of the...

7.3 CVSS · 6.5 AI score · 0.00038 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/08/12 12:0 a.m. · 3 views

PT-2021-21768 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier. Description: The implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use...

9.3 CVSS · 5.7 AI score · 0.01023 EPSS
Exploits 5 · References 86
IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 37 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure External Authentication Server

Summary: Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure External Authentication Server. Vulnerability Details: CVE-ID: CVE-2019-10241. Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServl...

6.1 CVSS · 0.5 AI score · 0.10411 EPSS
Exploits 0 · Affected Software 1
CNVD
added 2017/12/20 12:0 a.m. · 2 views

Ruby 'lazy_initialize' function command injection vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A command injection vulnerability exists in the 'lazy_initialize' function in the lib/resolv.rb file in Ruby 2.4.3 and earlier versions. An attacker can...

9.8 CVSS · 7.6 AI score · 0.04656 EPSS
Exploits 1 · References 1
Broadcom
added 2017/08/25 12:0 a.m. · 4 views

BSA-2017-378

Security Advisory ID: BSA-2017-378. Component: OpenVPN. Revision: 1.0: Interim. OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet. Affected Products: Brocade is investigating its product lines to determine which products...

7.5 CVSS · 7 AI score · 0.00178 EPSS
Exploits 0
CNVD
added 2017/06/26 12:0 a.m. · 1 views

OpenVPN Denial of Service Vulnerability (CNVD-2017-14887)

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

6.5 CVSS · 6.5 AI score · 0.00522 EPSS
Exploits 0 · References 1