16 matches found
CVE-2026-28373
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...
Linux Distros Unpatched Vulnerability : CVE-2017-16042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command...
OctoPrint Security Vulnerability
OctoPrint is an open source application from OctoPrint that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint version 1.10.2 and prior versions. An attacker exploiting this vulnerability could retrieve or modify sensitive configuration...
phlex Security Vulnerability
phlex is a framework for building object-oriented views in Ruby. A security vulnerability exists in Phlex versions prior to 1.10.2: maliciously generated HTML attribute names and values could lead to cross-site scripting...
SUSE CVE-2016-9809
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read...
SUSE CVE-2016-9813
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file...
CVE-2020-7742
This affects the package simpl-schema before 1.10.2...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2019-13853)
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in the airflow webserver servi...
Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2018-07903)
Enhancesoft osTicket is an open source ticketing system from U.S.-based Enhancesoft. A cross-site scripting vulnerability exists in the /scp/index.php file in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'sor...
Enhancesoft osTicket Arbitrary Password Reset Vulnerability
Enhancesoft osTicket is an open source ticketing system from U.S.-based Enhancesoft. A security vulnerability exists in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit the vulnerability to reset arbitrary passwords...
Enhancesoft osTicket Cross-Site Scripting Vulnerability
Enhancesoft osTicket is an open source ticketing system from U.S.-based Enhancesoft. A cross-site scripting vulnerability exists in /ajax.php/form/help-topic in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the he...
gstreamer: Invalid memory read in g_type_check_instance_is_fundamentally_a
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call...
UBUNTU-CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter...
CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter...
CVE-2016-9810
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call...
wireshark: MQ dissector crash (wnpa-sec-2013-58, upstream bug 9079)
The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...