313 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-4245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means...
Friday Squid Blogging: A Case of Squid Fossil Misidentification
What scientists thought were squid fossils were actually arrow worms...
SUSE CVE-2025-49011
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow'ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
SpiceDB 安全特征问题漏洞
SpiceDB is a fine-grained permissions database from the Authzed team. A security feature issue vulnerability exists in SpiceDB versions prior to 1.44.2, which stems from a schema evaluation issue involving arrow relationships that could result in an incorrect response...
GHSA-WV8J-M3HX-924J Arrow2 allows out of bounds access in public safe API
Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...
aggregation-agent (>=0.1.2 <=0.1.11), airflow-add-ons (>=0.2.7 <=0.2.15) +125 more potentially affected by CVE-2025-5279 via redshift-connector (>=2.0.888 <=2.1.2)
redshift-connector PYPI version =2.0.888, =0.1.2, =0.2.7, =0.0.1, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.1.0, =3.1.0rc1, =1.0.0, =1.0.4 - arrowjet =0.1.0 and more Source cves: CVE-2025-5279 Source advisory: OSV:GHSA-R244-WG5G-6W2R...
CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example, user-supplied input files. This...
CVE-2023-44264
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...
CVE-2023-45003
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin = 2.2.0 versions...
CVE-2023-46077
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin = 2.2.5 versions...
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
Out of bounds access in public safe API
Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...
CVE-2025-31897
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affects Arrow Custom Feed for Twitter: from n/a through = 1.5.3...
WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Arrow Custom Feed for Twitter versions = 1.5.3...
CVE-2025-31897
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affects Arrow Custom Feed for Twitter: from n/a through = 1.5.3...
CVE-2025-31897
CVE-2025-31897 affects the Arrow Custom Feed for Twitter WordPress plugin. The vulnerability is a Stored XSS due to improper neutralization of input during web page generation, with affected versions from n/a up to 1.5.3. The Wordfence detail shows this variant as Arrow Custom Feed for Twitter
CVE-2025-31897 WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter arrow-twitter-feed allows Stored XSS.This issue affects Arrow Custom Feed for Twitter: from n/a through = 1.5.3...
CVE-2025-31897 WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Custom Feed for Twitter allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3...
WordPress plugin Arrow Custom Feed for Twitter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-28858
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arrow Plugins Arrow Maps ap-google-maps allows Reflected XSS.This issue affects Arrow Maps: from n/a through = 1.0.9...