9 matches found
@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-33527 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-33527 Source advisory: OSV:GHSA-JC39-686J-WP6Q...
RustFS log information leakage vulnerability
RustFS is a high-performance object storage system developed by RustFS. Versions 1.0.0-alpha.1 to 1.0.0-alpha.79 of RustFS contain a vulnerability related to log information leakage. This vulnerability arises from invalid RPC signatures, which allow the server to record shared HMAC keys,...
CVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
Improper Ownership Management
Overview: Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...
Zabbix Security Vulnerabilities
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix Server, which stems from a vulnerability that allows an attacker to execute arbitrary code on...
africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4) +37936 more potentially affected by CVE-2022-24823 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.76.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =1.0.0, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.28.0 and more Source cves:...
GHSA-3XGX-R9J4-QW9W Prototype Pollution in Dexie
Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This c...
Dexie Security Vulnerability
Dexie is a wrapper library for IndexedDB, a standard database in the browser, that provides a clean database API. A security vulnerability exists in Dexie versions prior to 3.2.2, 4.0.0-alpha.1 through 4.0.0-alpha.3, which can be exploited by an attacker to cause a Denial of Service (DoS) attack...
com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2019-20445 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)
io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2019-20445 Source advisory: OSV:GHSA-P2V9-G2QV-P635...