14 matches found
GitLab Security Vulnerability
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (continuous integration and delivery). Vulnerabilities exist in versions of GitLab CE/EE from 13.7 to 18.9.7, ...
JLSEC-2026-227 openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The `BN_mod_sqrt()` function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
CVE-2026-27623
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...
CVE-2025-24447
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. Exploitation of this issue does...
MongoDB Server Security Vulnerability
MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication, and automatic failover. A security vulnerability exists in MongoDB Server that stems from a failure to check the...
CVE-2024-38675
CVE-2024-38675 is an Arkhe Blocks (WordPress) vulnerability: improper input neutralization enabling Stored XSS in Arkhe Blocks versions up to 2.22.1. Exploitation details are not provided in the sources; remediation/fix version is not clearly stated. Patch status in the materials is not definitiv...
PT-2024-1286
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.0 through 16.5.7; GitLab versions 16.6 through 16.6.5; GitLab versions 16.7 through 16.7.3; GitLab versions 16.8 through 16.8.0. Description: The issue is related to an incorrect restriction of the path name to a directory with...
SUSE CVE-2016-9854
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
PYSEC-2021-496
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the...
2vyper (=0.3.0), async-web3 (>=0.1.0 <=0.3.1) +11 more potentially affected by unknown CVE via vyper (>=0.1.0b12 <=0.2.8)
vyper PYPI version =0.1.0b12, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =2.0.24, =0.1.2b2, =0.1.0, =0.2.4 Source cves: unknown CVE Source advisory: OSV:GHSA-375M-5FVV-XQ23...
mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
PHPAccounts 0.5 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/24572/info PHP Accounts is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. PHP Accounts 0.5 is vulnerable;...