25 matches found
CVE-2026-28527
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...
AZL-71503 CVE-2025-66453 affecting package rhino 1.7.7.1-2
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...
CVE-2025-59397
Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection...
GHSA-6W8R-XGQQ-QG6G Open Web Analytics Server is vulnerable to SQL Injection
Open Web Analytics (OWA) before 1.8.1 allows SQL injection...
CVE-2025-59397
CVE-2025-59397 concerns Open Web Analytics (OWA) prior to 1.8.1. The vulnerability is a SQL injection in the owa_db.php component via a v[value] input, potentially impacting data confidentiality per the CVSS metrics (Confidentiality Impact: Low; no other impacts). Affected product/version: Ope...
Open Web Analytics Server SQL injection vulnerability
Open Web Analytics Server, from Open Web Analytics, is an open source alternative to commercial web analytics tools such as Google Analytics. A SQL injection vulnerability exists in versions of Open Web Analytics Server prior to 1.8.1 that stems from vulnerability to SQL injection attacks...
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
...
CVE-2021-24143
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
DocuSeal security vulnerability
DocuSeal is an open source platform from DocuSeal, Inc. that provides secure and efficient digital document signing and processing. A security vulnerability exists in DocuSeal versions prior to 1.8.1 that stems from a user interface critical information misrepresentation vulnerability that allows...
PT-2024-26893 · Dbt-Core · Dbt-Core
Name of the Vulnerable Software and Affected Versions: dbt-core versions prior to 1.6.15; dbt-core versions prior to 1.7.15; dbt-core versions prior to 1.8.1. Description: The issue arises from binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::), which exposes the application on all network interfaces,...
LiteSpeed Technologies OpenLiteSpeed security vulnerability
LiteSpeed Technologies OpenLiteSpeed is an open source web server from LiteSpeed Technologies. A security vulnerability exists in versions of OpenLiteSpeed prior to 1.8.1 that stems from an inability to properly handle chunked encoding...
AZL-35097 CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
SUSE CVE-2021-38191
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...
PT-2022-27272 · Apache · Apache Fineract
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.8.1. Description: Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component, allowing an attacker to run remote code...
Google Go security vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. A security vulnerability exists in Google Go that stems from a stack overflow when decoding a large amount of PEM data. The following products and versions are affected:...
WordPress Plugin CLUEVO LMS, E-Learning Platform cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
CVE-2021-3570
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiali...