21 matches found
OESA-2026-1342 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003715)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003715 advisory. check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Tenable has extracted the preceding...
python311-Django-5.2.9-1.1 on GA media (moderate)
python311-Django-5.2.9-1.1 on GA media Announcement ID: openSUSE-SU-2025:15805-1 Rating: moderate Cross-References: CVE-2025-13372 CVE-2025-64460 CVSS scores: CVE-2025-13372 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2025-64460 SUSE : 7.5...
SUSE CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
EUVD-2025-200852
Malicious code in elf-stats-mulled-drum-529 npm...
CVE-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
WordPress plugin Reviews Widgets for Google & 45+ platforms by Repuso security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Reviews Widge...
CVE-2023-52917
creationtimestamp | type | source
---|---|---
2025-08-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...
CVE-2024-43921
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Magic Post Thumbnail allows Reflected XSS. This issue affects Magic Post Thumbnail: from n/a through 5.2.9...
PT-2023-11638 · Xz +2
Name of the Vulnerable Software and Affected Versions: XZ version 5.2.5 Description: An issue in XZ allows attackers to cause a denial of service via decompression of a crafted file. The vendor disputes the claims of "endless output" and "denial of service" because decompression of a 17,486 bytes...
NETGEAR WG302 Command Injection Vulnerability
NETGEAR WG302 is a wireless access point from NETGEAR. A security vulnerability exists in the NETGEAR WG302v2 version v5.2.9, WAG302v2 version v5.1.19, which stems from the firmwareRestore and firmwareServerip parameters in the upgradehandler function containing multiple command injection...
Important: kernel-livepatch-4.14.311-233.529
Issue Overview: An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-2124...
CVE-2022-32145
A vulnerability has been identified in Teamcenter Active Workspace V5.2 All versions V5.2.9, Teamcenter Active Workspace V6.0 All versions V6.0.3. A reflected cross-site scripting XSS vulnerability exists in the web interface of the affected application that could allow an attacker to execute...
GlobalProtect security vulnerability
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides firewall monitoring and threat prevention. A security vulnerability exists in the Palo Alto Networks GlobalProtect app, which can be exploited by a local attacker to...
CVE-2018-19952
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11...
Linux kernel memory misreference vulnerability (CNVD-2020-00267)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in Linux kernel versions prior to 5.2.9. An attacker could exploit this...
Linux kernel resource management error vulnerability (CNVD-2019-35843)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the xfs_setattr_nonsize function in fs/xfs/xfs_iops.c in Linux kernel 5.2.9 and earlier versions, which can be exploited b...
Linux kernel null pointer dereference vulnerability (CNVD-2019-32360)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in the ath6kl_usb_alloc_urb_from_pipe function in the...
PT-2018-17475 · Pulse · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 8.1RX through 8.1R11 Pulse Connect Secure PCS versions 8.3RX through 8.3R1 Pulse Policy Secure PPS versions 5.2RX through 5.2R8 Pulse Policy Secure PPS versions 5.4RX through 5.4R1 Description: A vulnerabilit...
miniSphere Integer Overflow Vulnerability
miniSphere is a lightweight JavaScript-based game engine. An integer overflow vulnerability exists in the 'layer_resize' function in the map_engine.c file in miniSphere 5.2.9 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service with the help of a specially...