10 matches found
CVE-2026-40094
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
PT-2026-34442
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A cached crafted response can cause an out-of-bounds read, which occurs when a program reads data outside the intended boundary of a buffer. This happens if cust...
EUVD-2025-203389
An SSTI Server-Side Template Injection vulnerability exists in the getaddressdisplay method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.rendertemplate with a context derived from the addressdict parameter, which can be either a dictionary or a string...
CVE-2025-66437
An SSTI Server-Side Template Injection vulnerability exists in the getaddressdisplay method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.rendertemplate with a context derived from the addressdict parameter, which can be either a dictionary or a string...
PT-2025-51258
Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description A Server-Side Template Injection SSTI issue exists in the get address display method. This function uses frappe.render template with a context from the address dict parameter, which can be a...
ERPNext 安全漏洞
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from the presence of server-side template injection in the getaddressdisplay method, which could lead to server-side code...
AZL-54642 CVE-2024-53100 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...
PT-2024-35564
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.11.8 Description A race condition in the Linux kernel's NVMe TCP implementation can lead to a potential local privilege escalation. The issue arises from a race between the queue lock lock and the destroy...
UBUNTU-CVE-2024-38546
In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4hdmiaudioinit ofgetaddress may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center linuxtesting.org with SVACE...
UPX 缓冲区错误漏洞
UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX, which stems from an issue in function PackLinuxElf32::elflookup in plxelf.cpp:5349 that causes the generic pointer p to point to an inaccessible address in func getle32...