23 matches found
Infinite loop
Overview: Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package are...
EUVD-2010-0760
Malware in sbrugna...
EUVD-2022-5750
Malicious code in bioql PyPI...
CVE-2025-38649
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight. An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is...
CVE-2024-11090
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have bee...
CVE-2023-42925
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments...
CVE-2022-2462
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data...
CVE-2022-2462 Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data...
PT-2022-19485 · Unknown · Bigbluebutton
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions 2.2 through 2.3.17; BigBlueButton versions 2.4-rc-1 through 2.4-rc-5. Description: BigBlueButton is an open source web conferencing system. An attacker who is able to obtain the meeting identifier for a meeting on a serve...
MessageBus path traversal vulnerability
MessageBus is a reliable and robust messaging bus for Ruby processes and Web clients. MessageBus suffers from a path traversal vulnerability, which stems from the lack of data restriction and filtering of the paths in messagebus. errors, which could lead to the disclosure of secret information on...
Ubuntu: Security Advisory (USN-4627-1)
The remote host is missing an update for the...
CVE-2020-6243
Under certain conditions, SAP Adaptive Server Enterprise XP Server on Windows Platform, versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected...
MISP Marked Data Restriction Bypass Vulnerability
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. A tag data limit bypass vulnerability exists in app/Controller/TagsController.php in MISP 2.4.118. An attacker...
Uber: Client secret, server tokens for developer applications returned by internal API
@appsecurein identified an internal API for https://riders.uber.com that could return client_secret and server token for applications authorized by the account owner to access their Uber account. We restricted the data returned by this endpoint. Thanks for bringing this to our attention,...
Weblate: Missing restriction on string size of Full Name at https://demo.weblate.org/accounts/register/
Hi there Vulnerability Title: During my regular testing, I have found that there was no restriction on the amount of text that can be inserted into a user's Full name field. Security Impact: When the text size was large enough the service resulting in a momentary outage in our non-production...
[USN-1158-1] curl vulnerabilities
Ubuntu Security Notice USN-1158-1, June 24, 2011: curl vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
CVE-2011-1404
Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4)...