73993 matches found
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
[SECURITY] Fedora 43 Update: pyOpenSSL-26.0.0-1.fc43
High-level wrapper around a subset of the OpenSSL library, includes among oth ers SSL.Connection objects, wrapping the methods of Python's portable sockets Callbacks written in Python Extensive error-handling mechanism, mirroring OpenSSL's error codes...
SUSE CVE-2026-4887
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs CVE-2025-71225 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent...
Fleet 安全漏洞
Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...
PT-2026-28312
Name of the Vulnerable Software and Affected Versions Coverity Connect affected versions not specified Description The authentication logic in the command line tooling for Coverity Connect is missing an error handler, leading to a potential authentication bypass. An attacker with access to the...
Medium: freetype
Issue Overview: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. CVE-2026-23865...
PT-2026-28568
Name of the Vulnerable Software and Affected Versions ecdsa versions prior to 0.19.2 Description The ecdsa package, a Python implementation of ECC, contains a flaw in its DER parsing functions. Specifically, ecdsa.der.remove octet string incorrectly accepts truncated DER data where the declared...
handlebars 代码问题漏洞
Handlebars is a semantic web template system. Versions of Handlebars 4.7.8 and earlier have a code vulnerability that arises when templates contain unregistered decorator references, leading to an unhandled TypeError. This can cause Node.js processes to crash, resulting in a denial-of-service...
brace-expansion 资源管理错误漏洞
Brace-expansion is a Brace extension in JavaScript developed by Julian Gruber. Versions prior to 5.0.5, 3.0.2, 2.0.3, and 1.1.13 contained a resource management error vulnerability. This vulnerability stemmed from a bracket pattern where the step length was zero, causing the sequence generation t...
CVE-2026-2484
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages...
Exploit for CVE-2026-29971
CVE-2026-29971 An attacker can execute arbitrary JavaScript in...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the OIDC authentication error message handling process. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting a malicious input that is reflected in the error message...
Cross-site Scripting (XSS)
Overview github.com/ory/hydra/oauth2 is an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errorhint parameter. An attacker can execute arbitrary JavaScript in the context of the user's...
GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra
Hydra has Reflected XSS via errorhint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...