OpenWrt security vulnerability
OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a memory leak in the jp_get_token function, which could lead to resource exhaustion...
PT-2026-26382
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
GHSA-5F53-522J-J454 Flowise Missing Authentication on NVIDIA NIM Endpoints
Missing Authentication on NVIDIA NIM Endpoints Summary The NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Vulnerability Details | Field | Value |...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition via the getTokenRoute function. An attacker can bypass token usage limits by sending concurrent requests before the database update completes,...
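The race described in this entry is the classic check-then-update pattern on a usage counter. The following added example (written for this page, not code from Craft CMS or any project above) reproduces it against a hypothetical sqlite `tokens` table and contrasts it with the atomic form, where the limit check and the increment are a single conditional UPDATE and the row count tells the caller whether it won. The second request is injected deterministically into the first request's check/update window via an `after_check` hook, standing in for a concurrent HTTP request.

```python
import sqlite3

MAX_USES = 1  # a single-use token; schema and values are constructed for this example


def make_db():
    """Create an in-memory table with one token that may be used MAX_USES times."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tokens (id INTEGER PRIMARY KEY, uses INTEGER NOT NULL, "
        "max_uses INTEGER NOT NULL)"
    )
    conn.execute("INSERT INTO tokens VALUES (1, 0, ?)", (MAX_USES,))
    conn.commit()
    return conn


def uses_of(conn, token_id):
    return conn.execute("SELECT uses FROM tokens WHERE id = ?", (token_id,)).fetchone()[0]


def consume_token_naive(conn, token_id, after_check=None):
    """Vulnerable pattern: read the counter, decide, then write it back later.

    Anything that runs between the SELECT and the UPDATE (another request,
    represented here by the after_check hook) sees the same stale counter.
    """
    uses, max_uses = conn.execute(
        "SELECT uses, max_uses FROM tokens WHERE id = ?", (token_id,)
    ).fetchone()
    if uses >= max_uses:
        return False  # limit reached
    if after_check is not None:
        after_check()  # the TOCTOU window
    conn.execute("UPDATE tokens SET uses = uses + 1 WHERE id = ?", (token_id,))
    conn.commit()
    return True


def consume_token_atomic(conn, token_id):
    """Hardened pattern: check and increment in one statement.

    The database applies the WHERE clause and the increment atomically, so
    concurrent callers cannot both observe uses < max_uses and both increment.
    rowcount == 1 means this caller consumed a use; 0 means the limit was hit.
    """
    cur = conn.execute(
        "UPDATE tokens SET uses = uses + 1 WHERE id = ? AND uses < max_uses",
        (token_id,),
    )
    conn.commit()
    return cur.rowcount == 1


def demo_naive_race():
    """Two overlapping requests against the naive code: both succeed, uses ends at 2."""
    conn = make_db()
    results = []
    # The second request arrives after the first has passed its check but
    # before it has written the incremented counter.
    second = lambda: results.append(consume_token_naive(conn, 1))
    results.append(consume_token_naive(conn, 1, after_check=second))
    return results, uses_of(conn, 1)


def demo_atomic():
    """Two requests against the atomic code: exactly one succeeds, uses ends at 1."""
    conn = make_db()
    results = [consume_token_atomic(conn, 1), consume_token_atomic(conn, 1)]
    return results, uses_of(conn, 1)


if __name__ == "__main__":
    print("naive :", demo_naive_race())   # ([True, True], 2)  limit bypassed
    print("atomic:", demo_atomic())       # ([True, False], 1) limit enforced
```

The same fix applies in any SQL store: move the "uses < max_uses" predicate into the UPDATE (or use SELECT ... FOR UPDATE inside one transaction) and branch on the affected row count rather than on a value read earlier.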
CVE-2026-1103
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...
CVE-2025-13457 WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...
CVE-2025-10080
A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of a hard-coded cryptographic key. The...
CVE-2024-13982
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rjgettoken.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to perfor...
PT-2025-34953 · Spon Communications · Spon Ip Network Broadcast System
Name of the Vulnerable Software and Affected Versions: SPON IP Network Broadcast System affected versions not specified Description: SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read flaw. The issue stems from...
Livewire Cross-Site Request Forgery Vulnerability
Livewire is a full-stack framework for Laravel that allows you to build dynamic UI components without leaving PHP. A cross-site request forgery vulnerability exists in Livewire versions prior to v3.0.4, which originates from a vulnerability that allows remote attackers to execute arbitrary code v...
get-token-user10 (=0.10.1) potentially affected by unknown CVE via http-resources (=0.0.1-security)
http-resources NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on http-resources and may be impacted: - get-token-user10 =0.10.1 Source cves: unknown CVE Source advisory: OSV:MAL-2023-509...
AZL-44014 CVE-2018-14550 affecting package libpng15 1.5.30-15
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png...
AZL-45027 CVE-2018-14550 affecting package libpng15 1.5.30-15
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png...
libpng buffer overflow vulnerability (CNVD-2019-13088)
libpng is a PNG reference library that can create, read and write PNG graphics files. A buffer overflow vulnerability exists in the 'contrib/pngminus/pnm2png.c:get_token' function in libpng, which originates when a networked system or product performs an operation in memory without properly...
PT-2018-3946 · Libpng +2 · Libpng +2
Name of the Vulnerable Software and Affected Versions: Libpng versions prior to 1.6.36 Description: The issue is related to a stack-based buffer overflow in the get_token function in pnm2png.c of the libpng library, which can be exploited by a remote attacker to access sensitive data, compromise...
DEBIAN-CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c...