EUVD-2026-19537
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, a Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
OpenBao Log Information Disclosure Vulnerability
OpenBao is open-source software for managing sensitive data. A log information disclosure vulnerability exists in OpenBao versions prior to 2.4.2: audit logs do not properly redact byte array response parameters, which could lead to sensitive data disclosure...
CVE-2022-2040
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
AZL-27502 CVE-2022-40896 affecting package python-pygments for versions less than 2.4.2-1
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...
OpenTSDB Injection Vulnerability
OpenTSDB is an open-source, scalable, distributed time series database. OpenTSDB versions prior to 2.4.2 contain an injection vulnerability that exposes them to remote code execution...
WordPress Plugin Brizy Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. A WordPress plugin is an application add-on. A cross-site scripting vulnerability exists in versions of the WordPress Brizy plugin prior to 2.4.2, whi...
Nagios Cross-Site Scripting Vulnerability
Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...
AZL-6812 CVE-2021-27291 affecting package python-pygments for versions less than 2.4.2-7
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...
Kirby Panel Cross-Site Scripting Vulnerability
Kirby is a file-based content management system (CMS). Panel is one of its control panel components. A cross-site scripting vulnerability exists in Kirby Panel versions prior to 2.3.3, 2.4.x versions prior to 2.4.2 and 2.5.x versions prior to 2.5.7. A remote attacker can exploit this...
Apache Ambari Remote Code Execution Vulnerability
Apache Ambari is a set of tools for configuring, managing and monitoring Apache Hadoop clusters from the Apache Software Foundation in the United States. The tool supports visualization and analysis of jobs and task execution, support for system alerts, etc. Ambari Agent is used as one of the...
CVE-2014-8546
Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data...
freetype: DoS via nested "seac" calls
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...
Freetype ftmulti buffer overflow
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...