40 matches found
CVE-2026-41888
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...
Unity Linux 20.1060e / 20.1070e Security Update: linuxptp (UTSA-2026-017411)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017411 advisory. A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker...
CVE-2026-33250
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
Graphql Modules: Race Condition Vulnerability
Graphql Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of Graphql Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...
CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20
CVE-2018-19827 affecting package reaper for versions less than 3.1.1-20. A patched version of the package is available...
CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21. A patched version of the package is available...
tar-fs Security Vulnerability
tar-fs is a tar-stream filesystem bundle from the individual developer Mathias Buus. A security vulnerability exists in tar-fs versions prior to 3.1.1, 2.1.3, and 1.16.5, which stems from the possibility of bypassing symbolic link validation when the destination directory is predictable...
PT-2025-33094 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM versions prior to 3.1.1; Dolibarr ERP/CRM versions prior to 3.2.0. Description: Dolibarr ERP/CRM contains a post-authenticated operating system command injection issue in its database backup feature. The export.php script does...
CVE-2025-43568
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-29904
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible...
PT-2025-11038
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 3.1.1. Description: The issue allows for HTTP Request Smuggling. Recommendations: For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue...
Komtera KLog Server Path Traversal Vulnerability
Komtera KLog Server is a logging solution from Komtera. A path traversal vulnerability exists in Komtera KLog Server versions prior to 3.1.1, which stems from improperly restricting directory pathnames when processing web input to file system calls...
CVE-2024-13263
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion. This issue affects Opigno group manager: from 0.0.0 before 3.1.1...
AZL-49740 CVE-2024-42861 affecting package linuxptp for versions less than 3.1.1-1
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...
Object Resolver Security Vulnerability
Object Resolver is a general-purpose feature from the individual developer Samuel Akopyan. It is used to handle nested attributes in JavaScript objects of unlimited depth. A security vulnerability exists in Object Resolver versions prior to 3.1.1, which stems from allowing an attacker to cause prototype...
PT-2024-26279 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions prior to 3.1.1. Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the generate...
PT-2024-13409 · Itop +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.1.1; iTop versions prior to 3.2.0. Description: The issue allows an XSS attack to be performed when an object is displayed as an n:n relation item in another object, by filling malicious code in an object friendlyname o...
JSON Web Token Security Vulnerability
JSON Web Token is a compact, URL-safe means of representing claims to be transferred between two parties. A security vulnerability exists in JSON Web Token versions prior to 3.1.1 that stems from susceptibility to JWT algorithm confusion attacks...
AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...