15 matches found
CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
stb Buffer Error Vulnerability
STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds write operation in the start_decoder function found in the file stb_vorbis.c, which could lead to remote...
stb Security Vulnerability
STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained security vulnerabilities, which stemmed from resource allocation issues in the setup_free function within the file stb_vorbis.c. These vulnerabilities could lead to remote attacks...
Sophos Intercept X Security Vulnerability
Sophos Intercept X is an endpoint protection product from Sophos UK. It protects against unknown malware, exploits and ransomware. A security vulnerability exists in Sophos Intercept X versions prior to 1.22, which stems from a local elevation of privilege that could result in gaining system privileges...
VulnCheck KEV: CVE-2021-29203
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary...
CVE-2023-1153
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22...
CVE-2023-1154
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22...
CVE-2023-1154 XSS in Pacsrapor
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22...
CVE-2023-1153 SQLi in Pacsrapor
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22...
Pacsrapor SQL Injection Vulnerability
Pacsrapor is an application from Pacsrapor Inc. in the United States. A security vulnerability exists in Pacsrapor versions prior to 1.22, which arises from improper neutralization of special elements and can be exploited by an attacker to execute a command line...
Pacsrapor Cross-Site Scripting Vulnerability
Pacsrapor is an application from Pacsrapor Inc. in the United States. A security vulnerability exists in Pacsrapor versions prior to 1.22, which arises from improper neutralization of input during web page generation...
PYSEC-2022-43182
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters verbatim...
fava Cross-Site Scripting Vulnerability
fava is the web interface of Beancount, an open source double-entry bookkeeping software from Beancount. A cross-site scripting vulnerability exists in versions prior to fava v1.22, which stems from the time and filter parameters being vulnerable to reflected cross-site scripting...
HP Edgeline Infrastructure Management Access Control Error Vulnerability
HPE Edgeline Infrastructure Management is a software from Hewlett-Packard HPE for data center environments to manage Edge devices. An authorization issue vulnerability exists in Edgeline Infrastructure Manager versions prior to 1.22 that stems from a failure to perform adequate authorization...
IPPUSBXD Elevation of Privilege Vulnerability
IPPUSBXD is a daemon for the IPP-over-USB printer support program. A security vulnerability exists in IPPUSBXD versions prior to 1.22, which originates from the program listening on all interfaces. A remote attacker could exploit the vulnerability by sending a direct request to gain access to a...