11 matches found
SimpleBLE security vulnerability
SimpleBLE is an open-source, cross-platform Bluetooth Low Energy library with bindings for multiple languages, developed by SimpleBLE. Versions of SimpleBLE prior to 0.14.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack overflow issue in the dongl backend’s...
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-44514
Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposed WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...
GO-2026-4499 Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs
Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
html2pdf.js cross-site scripting vulnerability
html2pdf.js is software by the individual developer Erik Koopmans that converts HTML to PDF. A cross-site scripting vulnerability exists in versions of html2pdf.js prior to 0.14.0; it stems from a text source that is not sufficiently sanitized and could lead to cross-site scripting attacks...
AZL-57362 CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
CVE-2022-36125
It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue...
CVE-2022-35724
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue...
PYSEC-2022-43180
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses...
PT-2021-23080 · Elvish · Elvish
Name of the Vulnerable Software and Affected Versions: Elvish versions prior to 0.14.0. Description: Elvish is a programming language and interactive shell. The web UI backend, started by elvish -web, hosts an endpoint that allows executing code sent from the web UI. However, the backend does not...
Brave denial of service vulnerability
Brave is a Web browser product from Brave Software, Inc. in the United States. A security vulnerability exists in versions of Brave prior to 0.14.0 on Linux or other platforms, which stems from a failure to properly handle long URLs and can be exploited to cause a denial of service application ha...