CVE-2024-47263
An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...
PT-2026-3452
Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.3 Description A security issue exists in the @fastify/express plugin, which provides Express compatibility for Fastify. The problem occurs when middleware is registered with a specific path prefix...
CVE-2026-22611 AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value
AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This...
CVE-2025-40307
In the Linux kernel, the following vulnerability has been resolved: exfat: validate cluster allocation bits of the allocation bitmap syzbot created an exfat image with cluster bits not set for the allocation bitmap. exfat-fs reads and uses the allocation bitmap without checking this. The problem ...
SUSE CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...
Shell Script Compiler Command Injection Vulnerability
Shell Script Compiler is a Shell Script Compiler by the individual developer Md Jahidul Hamid. A command injection vulnerability exists in Shell Script Compiler version 4.0.3 and earlier, which stems from an os command injection in the file src/shc.c function make in the component Filename Handle...
CVE-2021-21248
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...
PT-2024-31706 · Unknown · Whatsapp-Api-Js
Name of the Vulnerable Software and Affected Versions: whatsapp-api-js versions prior to 4.0.3 Description: The issue concerns Incorrect Access Control in the whatsapp-api-js framework, impacting anyone using the post or verifyRequestSignature methods to handle messages. It is possible to check t...
NetBox Security Vulnerability
NetBox is a Django, PostgreSQL based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
NetBox Security Vulnerability
NetBox is a Django, PostgreSQL based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
NetBox Security Vulnerability
NetBox is a Django, PostgreSQL based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
PT-2023-30723 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions = 4.0.3 Description: A Cross-Site Scripting (XSS) issue exists in the 'product description' component within the "/api/stock/products" endpoint, allowing attackers to obtain a victim's cookies. This issue can be exploited by a...
AZL-28055 CVE-2022-48554 affecting package file for versions less than 5.40-3
File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project...
Omeka S Cross-Site Scripting Vulnerability
Omeka S is an open source web content management system (CMS) from Omeka, Inc. that specializes in creating and managing digital exhibitions and online digital archives. It is a new version of the Omeka project, and unlike the traditional Omeka Classic, Omeka S emphasizes multi-user collaboration a...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A buffer overflow vulnerability exists in XPDF version 4.03. An attacker could exploit this vulnerability to cause the application to crash via a speciall...
PT-2022-11206 · Unknown · Xpdf-Reader
Name of the Vulnerable Software and Affected Versions: xpdfreader version 4.03 Description: The issue is related to a Buffer Overflow. Recommendations: For xpdfreader version 4.03, at the moment, there is no information about a newer version that contains a fix for this vulnerability...
Moodle Security Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which poses a remote code execution risk when restoring an incorrectly formatted backup file...
Best Practical RT for Incident Response Code Issue Vulnerability
Best Practical RT for Incident Response is an extension of Best Practical's RT. It provides pre-configured queues and workflows designed for incident response teams. A security vulnerability exists in Best Practical RT for Incident Response (RTIR) that stems from a vulnerability that allows an...
PT-2022-17576 · Czproject · Gitphp
Name of the Vulnerable Software and Affected Versions: czproject/git-php versions prior to 4.0.3 Description: The issue allows for Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to th...
Theonedev Onedev Security Breach
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. OneDev before version 4.0.3 has a...