
46 matches found

AstraLinux | added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in golang-github-golang-jwt-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...

CVSS 7.5 | AI score 6.6 | EPSS 0.00083
Exploits 0 | References 2
SUSE CVE | added 2026/03/20 12:24 a.m. | 1 view

SUSE CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.get_servers_list. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1 | AI score 5.8 | EPSS 0.00103
Exploits 1 | References 3
OSV | added 2026/03/18 4:31 p.m. | 2 views

CVE-2026-32610 Glances's Default CORS Configuration Allows Cross-Origin Credential Theft

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets allow_origins="*" combined with allow_credentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

CVSS 8.1 | AI score 5.9 | EPSS 0.00055
Exploits 1 | References 5
OSV | added 2026/03/18 3:16 p.m. | 1 view

DEBIAN-CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVSS 7.5 | AI score 5.5 | EPSS 0.00082
Exploits 1 | References 1
CVE | added 2026/03/18 6:03 a.m. | 7 views

CVE-2026-32608

Glances CVE-2026-32608 describes a local command-injection in the action system. Before 4.5.2, Mustache-rendered values such as process names, mount points, or container names could contain shell metacharacters that are not safely handled by secure_popen(), causing unintended command splitting. A...

CVSS 7 | AI score 6.1 | EPSS 0.0001
Exploits 1 | References 3 | Affected Software 1
OPENSUSE Linux | added 2026/02/12 12:00 a.m. | 6 views

Security update for tcpreplay (important)

openSUSE Security Update: Security update for tcpreplay Announcement ID: openSUSE-SU-2026:0044-1 Rating: important References: 1218249 1221324 1222131 1243845 1247919 1248322 1248595 1248596 1248597 1248964 1250356 Cross-References: CVE-2023-4256 CVE-2023-43279 CVE-2024-22654 CVE-2024-3024...

CVSS 4.8 | AI score 6.1 | EPSS 0.00151
Exploits 10 | References 11
EUVD | added 2026/01/02 6:30 p.m. | 1 view

EUVD-2026-0452

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits 0 | References 1
CNNVD | added 2025/09/22 12:00 a.m. | 1 view

WordPress plugin Save as PDF cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site...

CVSS 6.5 | AI score 5.7 | EPSS 0.00032
Exploits 0 | References 1
CVE | added 2025/09/14 5:03 p.m. | 12 views

CVE-2025-6051

CVE-2025-6051 is a ReDoS in Hugging Face Transformers' EnglishNormalizer.normalize_numbers(), affecting versions up to 4.52.4 and fixed in 4.53.0. The issue arises from numeric string handling, enabling crafted inputs with long digit sequences to cause excessive CPU usage, impacting text-to-speec...

CVSS 5.3 | AI score 6.5 | EPSS 0.0004
Exploits 1 | References 2 | Affected Software 1
NVD | added 2025/08/15 7:15 a.m. | 3 views

CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitatio...

CVSS 5.9 | EPSS 0.00613
Exploits 1 | References 11
OSV | added 2025/08/15 7:15 a.m. | 0 views

DEBIAN-CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitatio...

CVSS 5.9 | AI score 4.2 | EPSS 0.00613
Exploits 1 | References 1
OSV | added 2025/08/15 7:15 a.m. | 0 views

UBUNTU-CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitatio...

CVSS 5.9 | AI score 5.1 | EPSS 0.00613
Exploits 1 | References 13
CVE | added 2025/08/15 7:02 a.m. | 29 views

CVE-2025-9019

CVE-2025-9019 affects tcpreplay 4.5.1 (tcpprep component) where the function mask_cidr6 in cidr.c can cause a heap-based buffer overflow. The description notes a remote attack with high complexity and no required user interaction, with exploitation reportedly possible on the latest 4.5.1/recent ...

CVSS 5.9 | AI score 7.3 | EPSS 0.00613
Exploits 1 | References 11 | Affected Software 1
RedhatCVE | added 2025/05/23 12:26 a.m. | 4 views

CVE-2022-4527

A vulnerability was found in collective.task up to 3.0.8. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotel...

CVSS 6.1 | AI score 6.2 | EPSS 0.0032
Exploits 0 | References 1
OSV | added 2025/03/21 10:15 p.m. | 2 views

AZL-77514 CVE-2025-30204 affecting package keda for versions less than 2.4.0-32

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

CVSS 7.5 | AI score 6.7 | EPSS 0.00083
Exploits 0 | References 1
OSV | added 2025/03/11 6:15 p.m. | 1 view

CVE-2025-24440

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3
Exploits 0 | References 1
RedhatCVE | added 2025/02/05 3:30 a.m. | 3 views

CVE-2024-45290

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...

CVSS 7.7 | AI score 6.5 | EPSS 0.00305
Exploits 1 | References 1
OSV | added 2023/12/29 10:15 a.m. | 1 view

CVE-2023-51420

Improper Control of Generation of Code 'Code Injection' vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00147
Exploits 0 | References 1
Microsoft CVE | added 2022/03/19 7:00 a.m. | 1 view

HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

...

CVSS 9.8 | AI score 8.7 | EPSS 0.27458
Exploits 0
CNNVD | added 2022/03/14 12:00 a.m. | 0 views

Apache HTTP Server environment issue vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to an environmental issue that results from Apache HTTP Server's inability to close inbound connections when dropping the body of a request, leading to request smuggling. The vulnerability...

CVSS 9.8 | AI score 8.2 | EPSS 0.27458
Exploits 0 | References 53