CVE-2026-33693
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
Open WebUI Cross-Site Scripting Vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted web UI released under an open-source license. Versions of Open WebUI prior to 0.7.0 contain a cross-site scripting vulnerability. It stems from the ability to store cross-site scripting payloads when manual modifications...
vLLM Security Vulnerability
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs from the vLLM open-source project. A security vulnerability exists in vLLM versions 0.7.0 through 0.9.0, which stems from the image hashing method using only raw pixel data without including metadata, which...
CVE-2021-28036
An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...
cookie Security Vulnerability
cookie is an HTTP server cookie parsing and serialization library open-sourced by jshttp. A security vulnerability exists in cookie versions prior to 0.7.0 that allows an attacker to set other fields of a cookie by manipulating the cookie name, resulting in...
PT-2024-4402 · Apple +2 · Apple Macos +7
Name of the Vulnerable Software and Affected Versions: dav1d versions prior to 1.4.0; libdav1d-sys versions prior to 0.7.0; CoreMedia and WebRTC in Apple devices, affected versions not specified. Description: The issue is related to an integer overflow in the dav1d AV1 decoder that can occur when...
PT-2024-20116 · Unknown · Apollo-Client-Nextjs +1
Name of the Vulnerable Software and Affected Versions: apollo-client-nextjs versions prior to 0.7.0. Description: The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This issue arises from improper handling of untrusted input when the...
Apollo Cross-Site Scripting Vulnerability
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload coursework. A cross-site scripting vulnerability exists in Apollo apollo-client-nextjs versions prior to 0.7.0, which stems from mishandling of untrusted...
Velociraptor Cross-Site Scripting Vulnerability
Velociraptor is an open-source tool from Velocidex for collecting host-based state information using Velociraptor Query Language (VQL) queries. Velociraptor versions prior to 0.7.0-4 suffer from a security vulnerability that stems from the presence of a reflected cross-site scripting (XSS)...
PT-2023-6678 · Kareadita · Kavita
Name of the Vulnerable Software and Affected Versions: kareadita/kavita versions prior to 0.7.0. Description: The issue is related to a missing authentication for a critical function in the kareadita/kavita GitHub repository. This could allow a remote attacker to impact the confidentiality and...
kavita Access Control Error Vulnerability
kavita is a fast, feature-rich, cross-platform reading server. An access control error vulnerability exists in kavita versions prior to 0.7.0 that stems from a lack of authentication for critical functions...
Tree Kit Security Vulnerability
Tree Kit is a toolkit from individual developer Cedric Ronvel that provides functions for working with nested object structures. A security vulnerability exists in Tree Kit versions prior to 0.7.0 that can lead to improperly controlled modification of an object'...
Rust Buffer Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust metrics-util crate in versions prior to 0.7.0 that can be exploited by attackers to cause memory corruption...