Lucene search

173787 matches found

Amazon
added 2026/06/08 12:0 a.m. | 5 views

Medium: vorbis-tools

Issue Overview: A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow...

8.2 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0
Tenable Nessus
added 2026/06/08 12:0 a.m. | 7 views

Amazon Linux 2 : vorbis-tools, --advisory ALAS2-2026-3349 (ALAS-2026-3349)

The version of vorbis-tools installed on the remote host is prior to 1.4.0-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3349 advisory. A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function...

8.2 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/06/08 12:0 a.m. | 11 views

PT-2026-47253

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. I...

4.8 CVSS | 3.8 AI score | 0.00223 EPSS
Exploits 0 | References 7
Amazon
added 2026/06/08 12:0 a.m. | 7 views

Important: tomcat10

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8 CVSS | 6.4 AI score | 0.0078 EPSS
Exploits 1
Amazon
added 2026/06/08 12:0 a.m. | 6 views

Important: tomcat

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8 CVSS | 6.4 AI score | 0.0078 EPSS
Exploits 1
Amazon
added 2026/06/08 12:0 a.m. | 6 views

Important: tomcat9

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

9.8 CVSS | 6.4 AI score | 0.0078 EPSS
Exploits 1
Positive Technologies
added 2026/06/08 12:0 a.m. | 8 views

PT-2026-47266

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7 CVSS | 5.7 AI score | 0.00455 EPSS
Exploits 0 | References 2
Amazon
added 2026/06/08 12:0 a.m. | 6 views

Important: nvidia-driver

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8 CVSS | 6 AI score | 0.00226 EPSS
Exploits 0
Positive Technologies
added 2026/06/08 12:0 a.m. | 6 views

PT-2026-47619

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

8.7 CVSS | 5.5 AI score | 0.00052 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/06/08 12:0 a.m. | 8 views

PT-2026-47624

Summary: Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only read_parquet and arc_partition_agg via regex denylist. The broader DuckDB I/O function family — read_csv_auto, read_csv, read_json, read_json_auto, read_text, read_blob, glob, parquet_metadata, parquet_schema,...

7.1 CVSS | 5.6 AI score | 0.00029 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/06/08 12:0 a.m. | 10 views

PT-2026-47575

Summary: Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only read_parquet and arc_partition_agg via regex denylist. The broader DuckDB I/O function family — read_csv_auto, read_csv, read_json, read_json_auto, read_text, read_blob, glob, parquet_metadata, parquet_schema,...

7.1 CVSS | 5.6 AI score
Exploits 0 | References 5
CNNVD
added 2026/06/08 12:0 a.m. | 2 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs by the UI...

9.6 CVSS | 5.3 AI score | 0.00195 EPSS
Exploits 0 | References 2
CNNVD
added 2026/06/08 12:0 a.m. | 5 views

JeecgBoot input validation error vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contained a vulnerability related to input validation errors. This vulnerability originated from a function in the Third-Party Login component,...

3.1 CVSS | 4.6 AI score | 0.0038 EPSS
Exploits 0 | References 1
CNNVD
added 2026/06/08 12:0 a.m. | 5 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Skia’s insufficient validation of untrusted inputs...

3.1 CVSS | 5.3 AI score | 0.00178 EPSS
Exploits 0 | References 2
CNNVD
added 2026/06/08 12:0 a.m. | 4 views

Google Chrome resource management error vulnerability

Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after File Input is released...

8.8 CVSS | 5.3 AI score | 0.00253 EPSS
Exploits 0 | References 2
Amazon
added 2026/06/08 12:0 a.m. | 6 views

Important: libnvsdm

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8 CVSS | 6 AI score | 0.00226 EPSS
Exploits 0
Amazon
added 2026/06/08 12:0 a.m. | 7 views

Important: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or...

9.1 CVSS | 5.5 AI score | 0.0106 EPSS
Exploits 0
CNNVD
added 2026/06/08 12:0 a.m. | 5 views

NLnet Labs Routinator input validation error vulnerability

NLnet Labs Routinator is an open-source RPKI routing origin verification service developed by NLnet Labs. NLnet Labs Routinator has a vulnerability related to input validation. This vulnerability arises when a specially crafted non-UTF-8 string is sent as the select-asn query parameter to the...

8.2 CVSS | 5.3 AI score | 0.00259 EPSS
Exploits 0 | References 1
CNNVD
added 2026/06/08 12:0 a.m. | 5 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Dawn’s insufficient validation of unreliable inputs...

8.3 CVSS | 5.3 AI score | 0.00221 EPSS
Exploits 0 | References 2
CNNVD
added 2026/06/08 12:0 a.m. | 5 views

hsweb4 input validation error vulnerability

hsweb4 is an open-source full-responsive backend management framework based on Spring Boot 2. In versions of hsweb4 5.0.1 and earlier, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of the OAuth2Client function in the file...

5.3 CVSS | 4.8 AI score | 0.00303 EPSS
Exploits 0 | References 1