Lucene search

13 matches found

CVE
added 2026/05/19 9:21 a.m. | 16 views

CVE-2026-31378

The CVE relates to an Improper Input Validation vulnerability in Apache OFBiz. Affected software is Apache OFBiz versions before 24.09.06. The issue’s root cause is input validation weaknesses, allowing potential impact as described in the linked records. The recommended remediation is to upgra...

CVSS 6.5 | AI score 5.8 | EPSS 0.00574
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/19 9:21 a.m. | 8 views

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8 | EPSS 0.00574
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/17 12:0 a.m. | 4 views

Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.
- Drupal core contains a...

CVSS 5.9 | AI score 7.2 | EPSS 0.00281
Exploits: 0 | References: 9
Tenable Nessus
added 2025/11/17 12:0 a.m. | 7 views

Drupal 11.0.x < 11.1.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.
- Drupal core contains a...

CVSS 5.9 | AI score 7.2 | EPSS 0.00281
Exploits: 0 | References: 9
Drupal
added 2025/11/12 12:0 a.m. | 10 views

Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. This functionality can be abused in a way that may cause Drupal to cache response data that it should not. This can lead to legitimate requests...

CVSS 5.3 | AI score 5.5 | EPSS 0.00281
Exploits: 0 | References: 7
OSV
added 2025/10/15 12:0 a.m. | 9 views

ALSA-2025:18154 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes:
- thunderbird: firefox: Memory safety bugs CVE-2025-11714
- thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709...

CVSS 9.8 | AI score 7.1 | EPSS 0.00465
Exploits: 0 | References: 16
RedhatCVE
added 2025/05/23 4:40 a.m. | 10 views

CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01564
Exploits: 0
Tenable Nessus
added 2024/10/16 12:0 a.m. | 17 views

Qnap QTS Prototype Pollution (CVE-2023-39296)

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

CVSS 7.5 | AI score 8.4 | EPSS 0.01564
Exploits: 0 | References: 2
NVD
added 2024/01/05 5:15 p.m. | 29 views

CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

CVSS 7.5 | AI score 7.4 | EPSS 0.01564
Exploits: 0 | References: 1
OSV
added 2024/01/05 5:15 p.m. | 3 views

CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

CVSS 7.5 | AI score 5.7
Exploits: 0 | References: 1
CVE
added 2024/01/05 4:19 p.m. | 58 views

CVE-2023-39296

CVE-2023-39296 is a prototype pollution vulnerability affecting QNAP QTS and QuTS hero. The issue allows overriding existing attributes with incompatible types, potentially causing a crash over a network (no user interaction required). Official analysis and multiple feeds confirm the affected pro...

CVSS 7.5 | AI score 8.4 | EPSS 0.01564
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/01/05 4:19 p.m. | 28 views

CVE-2023-39296 QTS, QuTS hero

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the...

CVSS 7.5 | AI score 8 | EPSS 0.01564
Exploits: 0 | References: 1
CNVD
added 2019/10/24 12:0 a.m. | 4 views

TypeStack class-validator SQL Injection Vulnerability

TypeStack class-validator is a class validator. A SQL injection vulnerability exists in TypeStack class-validator version 0.10.2, which can be exploited to bypass security checks by injecting attribute entries into user input to override internal attribute entries with the same name...

CVSS 9.8 | AI score 9.7 | EPSS 0.01987
Exploits: 1 | References: 1