
14 matches found

Snyk
added 2025/10/23 3:42 a.m. · 1 views

Improper Neutralization of Null Byte or NUL Character

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character in the LZ4F_createCDict_advanced function, when processing LZ4 frames. An attacker can cause an application to crash or trigger unintended behavior by submitting specially crafted LZ4...

6.9 CVSS · 6.8 AI score
Exploits 0 · References 2
OSV
added 2025/09/19 3:26 p.m. · 3 views

CVE-2025-39861 Bluetooth: vhci: Prevent use-after-free by removing debugfs files early

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early. Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhci_release, before associated data structures ar...

7.8 CVSS · 6.2 AI score · 0.00022 EPSS
Exploits 0 · References 7
CNNVD
added 2025/03/28 12:0 a.m. · 2 views

fig2dev security vulnerability

fig2dev is a simple tool from the Xfig open source project. It is used to translate fig code from a named fig file into a specified graphics language. A security vulnerability exists in fig2dev version 3.2.9a, which stems from a heap buffer overflow in the create_line_with_spline function that could lead to...

6.6 CVSS · 7.6 AI score · 0.00089 EPSS
Exploits 1 · References 2
Talos
added 2024/06/26 12:0 a.m. · 30 views

Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress...

7.5 CVSS · 7.6 AI score · 0.1067 EPSS
Exploits 0
Positive Technologies
added 2024/05/10 12:0 a.m. · 2 views

PT-2024-5502 · Umi Cms · Umi Cms

Name of the Vulnerable Software and Affected Versions: UMI CMS affected versions not specified Description: The issue is related to the lack of protection against SQL query structure exploitation in UMI CMS, a multi-site content management system. This could allow a remote attacker to execute...

7.8 CVSS · 8.1 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/09/07 12:0 a.m. · 2 views

PT-2023-26113 · Vanderbilt · Redcap

Name of the Vulnerable Software and Affected Versions: Vanderbilt REDCap version 13.1.35. Description: A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the...

5.4 CVSS · 5.3 AI score · 0.00104 EPSS
Exploits 1 · References 9
Prion
added 2023/09/04 12:15 p.m. · 20 views

Cross-site request forgery (CSRF)

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog...

4.3 CVSS · 4.9 AI score · 0.00128 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2023/05/09 12:0 a.m. · 3 views

Cesanta MJS buffer error vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS version v.1.26. An attacker has...

5.5 CVSS · 5.7 AI score · 0.00047 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/11/14 12:0 a.m. · 1 views

PT-2022-34946 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.6 Description: A memory leak issue exists in the lpfc create port function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.6,...

7.2 AI score
Exploits 0 · References 1
CNVD
added 2022/07/15 12:0 a.m. · 20 views

Atlassian Jira Transition Scheduler plugin cross-site scripting vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The Atlassian Jira Transition Scheduler plugin version 6.5.0 contains a cross-site scripting vulnerability, which stems from the fact that it is easy to store XSS to the creation function via the project name. An...

5.4 CVSS · 3.5 AI score · 0.00467 EPSS
Exploits 1 · References 1
OSV
added 2022/07/13 2:15 p.m. · 0 views

CVE-2022-32274

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
ATTACKERKB
added 2022/07/13 2:15 p.m. · 0 views

CVE-2022-32274

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function...

5.4 CVSS · 5.3 AI score · 0.00467 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/03/26 1:15 p.m. · 0 views

CVE-2022-27938

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw...

5.5 CVSS · 6.1 AI score · 0.00138 EPSS
Exploits 1 · References 2
OSV
added 2016/06/13 2:59 p.m. · 4 views

DEBIAN-CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket...

5.3 CVSS · 6.5 AI score · 0.01754 EPSS
Exploits 0 · References 1