12 matches found
CVE-2026-41862
Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...
DEBIAN-CVE-2026-34380
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...
CVE-2025-23879
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS.This issue affects Easy Automatic Newsletter Lite: from n/a through = 3.2.0...
PT-2025-50039
Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through = 3.2.0...
CVE-2025-57890
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lannoy Sessions sessions allows Stored XSS.This issue affects Sessions: from n/a through = 3.2.0...
PT-2025-34354 · Unknown · Pierre Lannoy Sessions
Name of the Vulnerable Software and Affected Versions: Pierre Lannoy Sessions versions through 3.2.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-Site Scripting XSS. Recommendations: Update Pierre Lannoy...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.2.0 <=3.2.1), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.2.0 <=3.2.1) +2 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=3.2.0 <=3.2.1)
org.apache.pulsar:pulsar-broker MAVEN version =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.1 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +130 more potentially affected by CVE-2024-27351 via django (>=3.2.0 <=3.2.24)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =3.2.17.0, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2024-27351 Source advisory: OSV:PYSEC-2024-47...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +130 more potentially affected by CVE-2024-24680 via django (>=3.2.0 <=3.2.23)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =3.2.17.0, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2024-24680 Source advisory: OSV:GHSA-XXJ9-F6RV-M3X4...
PT-2021-24346 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 3.2.0 through 4.4.0 Description: The issue concerns initializer functions that are invoked separate from contract creation, such as minimal proxies, which may be reentered if they make an untrusted non-view...
Directory Traversal Vulnerability in Joomla!
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A directory traversal vulnerability exists in Joomla! versions 3.2.0 through 3.3.x and 3.4.x before 3.4.6. A remote...
PT-2015-1018 · Linux +5 · Linux +5
Name of the Vulnerable Software and Affected Versions: linux-image versions 3.13.0 through 3.15.x linux-image versions 3.2.0 through 3.15.x Description: The issue is related to the implementation of certain splice write file operations in the Linux kernel, which does not enforce a restriction on...