10 matches found
OpenSift Security Vulnerability
OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift prior to 1.6.3-alpha contained security vulnerabilities. These vulnerabilities stemmed from certain endpoints returning raw error strings to the client, and the login token material w...
CVE-2026-23955
EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointer arithmetic instead of printing the integer value as expected, as in most interpreted languages. This can be...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1335)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1335 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...
Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1321)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1321 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...
TencentOS Server 4: golang (TSSA-2025:0958)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0958 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
FreeBSD : go -- excessive resource consumption (245bd19f-d035-11f0-84e9-c7a56e37e3f0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 245bd19f-d035-11f0-84e9-c7a56e37e3f0 advisory. The Go project reports: Within HostnameError.Error, when constructing an error string, there is no limi...
Google Go Security Vulnerability
Google Go is a statically, strongly typed, compiled, concurrent, and garbage-collected programming language from Google, Inc. A security vulnerability exists in Google Go that stems from the HostnameError.Error function in package crypto/x509 constructing an error string without limiting the number ...
DEBIAN-CVE-2014-9157
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string...
http-sql-injection NSE Script
Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. It also extracts forms from found websites and tries to identify fields that are vulnerable. The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine crafted...
Not all error strings are encoded
An XSS vulnerability where a string could bypass the Anti-XSS mechanism has been identified. This issue corrects this problem. The severity of this issue is rated as LOW. Please see http://confluence.atlassian.com/x/ZILmD for information on other security related issues and our rating system...