CVE-2025-24789 Snowflake JDBC allows an untrusted search path on Windows
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing a Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write...
PCI: Fix reset_method_store() memory leak
CVE-2018-9378
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows an attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...
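Why an early-exit comparison such as Java's Arrays.equals is enough to forge a signature byte by byte, as an added example (not Apache Hive's code): the leaky verifier mirrors Arrays.equals semantics, the hardened one uses hmac.compare_digest, and the forgery loop uses a comparison counter as a stand-in for the latency an attacker would measure. The key and message are constructed for the demo; the HMAC-SHA256 signer is an assumption standing in for the product's signer.

```python
import hashlib
import hmac

# Constructed demo key; a real signer would load this from a secret store.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
SIG_LEN = hashlib.sha256().digest_size  # 32


def sign(message: bytes) -> bytes:
    """HMAC-SHA256 over the message (assumed stand-in for the product's signer)."""
    return hmac.new(DEMO_KEY, message, hashlib.sha256).digest()


class WorkCounter:
    """Counts byte comparisons; stands in for the wall-clock timing an attacker measures."""

    def __init__(self) -> None:
        self.n = 0


def early_exit_equals(a: bytes, b: bytes, work: WorkCounter) -> bool:
    """Same semantics as Java's Arrays.equals: stop at the first differing byte."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        work.n += 1
        if x != y:
            return False
    return True


def verify_leaky(message: bytes, sig: bytes, work: WorkCounter) -> bool:
    """Vulnerable pattern: verification time depends on how many leading bytes match."""
    return early_exit_equals(sign(message), sig, work)


def verify_constant_time(message: bytes, sig: bytes) -> bool:
    """Hardened form: compare_digest's running time does not depend on where bytes differ."""
    return hmac.compare_digest(sign(message), sig)


def forge_via_timing_oracle(message: bytes) -> bytes:
    """Recover a valid signature for `message` one byte at a time.

    The attacker never sees the key; the only feedback is whether verification
    succeeded and how much work it did (here: comparisons, in practice: latency).
    A correct guess at position i lets the loop run at least one byte further
    than any wrong guess, so each position costs at most 256 tries instead of
    the 256**32 a correct comparison would force.
    """
    guess = bytearray(SIG_LEN)
    for i in range(SIG_LEN):
        best_byte, most_work = 0, -1
        for candidate in range(256):
            guess[i] = candidate
            work = WorkCounter()
            if verify_leaky(message, bytes(guess), work):
                return bytes(guess)  # final byte found: the forgery verifies
            if work.n > most_work:
                most_work, best_byte = work.n, candidate
        guess[i] = best_byte
    return bytes(guess)
```

The forgery needs about 256 * 32 verification attempts rather than a brute force over the whole tag, which is why the advisory rates a simple equals call as an authentication bypass; the attacker only needs to be able to submit candidate signatures and observe the response time.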
DTEX DEC-M security vulnerability
DTEX DEC-M is a unified internal risk management platform from DTEX Corporation. A security vulnerability exists in DTEX DEC-M version 6.1.1, which stems from a lack of proper logical validation, and allows an attacker to elevate privileges to root via an unauthorized client connection using the...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
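Why str.format needs sandboxing at all, and why a sandbox must recognise the method by the callable object rather than by how the template spells the call, as an added example (not Jinja's own sandbox code): a formatter that disables attribute and index traversal in replacement fields, beside a check that identifies str.format however the reference was obtained. SafeFormatter, is_str_format_method and the sample templates are constructed for this example.

```python
import string


class SafeFormatter(string.Formatter):
    """str.format with attribute and index traversal disabled.

    Plain str.format lets a replacement field walk objects: "{0.__class__}" on
    any argument reaches its type, and from there the rest of the interpreter.
    This formatter keeps positional/keyword substitution but rejects '.' and '['
    in field names, including fields nested inside a format spec ("{0:>{1}}").
    """

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"attribute/index access not allowed in field {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def unsafe_render(template: str, *args, **kwargs) -> str:
    """What an unguarded engine effectively does when a template reaches str.format."""
    return template.format(*args, **kwargs)


def safe_render(template: str, *args, **kwargs) -> str:
    """Substitution only; traversal attempts raise ValueError."""
    return SafeFormatter().format(template, *args, **kwargs)


def is_rejected(template: str, *args, **kwargs) -> bool:
    """True if SafeFormatter refuses the template (handy for probing a payload corpus)."""
    try:
        safe_render(template, *args, **kwargs)
    except ValueError:
        return True
    return False


def is_str_format_method(obj) -> bool:
    """Recognise str.format / str.format_map however the reference was obtained.

    A sandbox that only pattern-matches the literal call `"...".format(...)` in
    template source misses the same method reached indirectly, e.g. through
    getattr, an intermediate variable, or the unbound descriptor str.format.
    Inspecting the callable object itself closes that gap.
    """
    if getattr(obj, "__name__", None) not in ("format", "format_map"):
        return False
    bound_to = getattr(obj, "__self__", None)
    if bound_to is not None:
        return isinstance(bound_to, str)  # bound method: "".format, getattr(s, "format")
    return getattr(obj, "__objclass__", None) is str  # unbound descriptor: str.format
```

The two halves address the two separate failure modes: SafeFormatter limits what a format call can do once it runs, while is_str_format_method decides whether a call should be intercepted at all, independent of the syntax used to reach it.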
CVE-2024-56953
An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...
PT-2025-3357 · Baidu · Baidu Input Method
Name of the Vulnerable Software and Affected Versions: Baidu Input Method version 12.6.13 Description: The issue allows attackers to access user information by supplying a crafted link. Recommendations: For version 12.6.13, update to a newer version to mitigate the risk. At the moment, there is n...
CVE-2024-56953
CVE-2024-56953 affects Baidu Input Method for iOS 12.6.13. The issue allows attackers to access user information by delivering a crafted link. Root cause details are not fully disclosed in the provided documents. Affected component: Baidu Input Method (iOS). Impact described: unauthorized access ...
Sogou Input security vulnerability
Sogou Input is an input method from the Chinese company Sogou. A security vulnerability exists in Sogou Input iOS version 12.2.0, which originates from an attacker being able to obtain sensitive user information by providing a carefully crafted link...
Baidu Input Method security vulnerability
Baidu Input Method is an input method from the Chinese company Baidu. A security vulnerability exists in Baidu Input Method version v12.6.13, which originates from an attacker being able to access sensitive user information by providing a carefully crafted link...
CVE-2025-0705 JoeyBling bootplus QrCodeController.java qrCode redirect
A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text lead...
Exploit for Protection Mechanism Failure in 7-Zip
7-Zip Mark-of-the-Web Bypass Vulnerability CVE-2025-0411 - P...
WordPress plugin WP IMAP Auth cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugins are application plugins. A cross-site scripti...
Cross-Site Request Forgery (CSRF)
typo3/cms-beuser is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, where HTTP GET submissions are incorrectly accepted instead of enforcing the appropriate HTTP method. Misconfigurations, such as...
Cross-Site Request Forgery (CSRF)
typo3/cms-scheduler is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of HTTP methods and a failure to enforce appropriate security settings, which allows attackers to submit malicious requests through CSRF...
Cross-Site Request Forgery (CSRF)
typo3/cms-form is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of state-changing actions in downstream components, which incorrectly accept submissions via HTTP GET requests instead of enforcing the correct HTTP method. Misconfigured settings, such ...
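The weakness shared by the three TYPO3 entries above is a state-changing handler that honours a GET request, which any third-party page can trigger with an image or link, and does not demand a token the attacker cannot know. As an added example (not TYPO3 code, and not its CSRF mechanism), a minimal framework-free handler in its vulnerable and hardened forms: the hardened one rejects anything but POST and checks a session-bound token with a constant-time compare. Request, SERVER_SECRET, the HMAC token scheme and the record store are all constructed for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed for the demo; a real application keeps this in its configured secret store.
SERVER_SECRET = b"constructed-server-secret"


@dataclass
class Request:
    """Just enough of an HTTP request for the handlers below (constructed model)."""
    method: str
    path: str
    session_id: str
    params: dict = field(default_factory=dict)  # query string or form body, merged


def csrf_token(session_id: str) -> str:
    """Token bound to the session so one user's token is useless against another (assumed design)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def delete_record_vulnerable(req: Request, store: dict) -> tuple:
    """Before: the state change runs on any method with no token.

    A hostile page can embed <img src="https://victim/delete?id=7"> and the
    victim's browser sends the authenticated GET on their behalf.
    """
    store.pop(req.params.get("id"), None)
    return 200, "deleted"


def delete_record_hardened(req: Request, store: dict) -> tuple:
    """After: state changes only via POST, and only with the session's own token."""
    if req.method != "POST":
        return 405, "method not allowed"  # GET, HEAD etc. must be side-effect free
    token = req.params.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(req.session_id)):
        return 403, "bad or missing CSRF token"
    store.pop(req.params.get("id"), None)
    return 200, "deleted"
```

The method check alone is not sufficient, since a cross-site form can still submit a POST; the token check alone is not sufficient either, because a handler that also accepts GET gives the attacker a path that never reaches the token logic. Both are needed, which is what "enforcing the appropriate HTTP method" in the advisories refers to.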
CVE-2025-23206
The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...