24 matches found
Astra Linux - vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, deactivate /gfx which is enabled by default; instead,...
CVE-2025-7706
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...
PT-2025-46567
Name of the Vulnerable Software and Affected Versions Team Members Showcase WordPress plugin versions prior to 3.5.0 Description The software does not properly sanitize and escape a parameter before displaying it on a page, creating a reflected cross-site scripting condition. This could potential...
GHSA-27FV-RPGJ-4C6M Drupal Currency allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
Drupal Currency allows Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
WeGIA input validation error vulnerability
WeGIA is a web manager for welfare organizations by Nilson Lazarin Individual Developer. An input validation error vulnerability exists in WeGIA versions prior to 3.5.0, which stems from the presence of an open redirect in the nextPage parameter in the control.php endpoint, which could result in...
PT-2025-34725 · Unknown · Mtons Mblog
Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability exists in mtons mblog up to version 3.5.0. The issue is located in an unknown function within the /admin/user/list file of the Admin Panel component. Manipulation of the Name...
PT-2025-33751 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.0.beta8 Description: Discourse, an open-source discussion platform, contains a cross-site scripting (XSS) issue in the welcome banner user name string for logged-in users. This can affect the user or an...
CVE-2023-22324
SQL injection vulnerability in the CONPROSYS HMI System CHS Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained...
LangChain4j-AIDeepin security vulnerability
LangChain4j-AIDeepin is an AI-based work efficiency improvement tool by moyangzhan's personal developer. It can be used to assist enterprises/teams in technical research and development, product design, personnel/financial/IT information consulting, system/commodity consulting, customer service...
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
...
freerdp: out-of-bounds read in ncrush_decompress
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available...
CVE-2023-52946
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors...
PT-2024-24826 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: JQuery versions prior to 3.5.0 Description: The camera may be susceptible to known vulnerabilities associated with JQuery versions prior to 3.5.0, a third-party component. Recommendations: For JQuery versions prior to 3.5.0, update to version...
WordPress plugin WP STAGING security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-13167 · Veridium · Veridiumid
Name of the Vulnerable Software and Affected Versions: VeridiumID versions prior to 3.5.0 Description: The issue allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack on the identity provider page. Recommendations: For versions prior to...
VeridiumID security vulnerability
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over all accounts by sending malicious input through the self-service portal...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop Cross Selling in Modal Cart versions prior to 3.5.0. An attacker...
Django-SES data forgery vulnerability
Django-SES is the Django email backend for Amazon Simple Email Service. A security vulnerability exists in Django-SES versions prior to 3.5.0 that stems from allowing users to specify arbitrary public certificates...