21 matches found

OSV
added 2026/03/11 6:16 p.m., 1 view

UBUNTU-CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

CVSS 7.5, AI score 5.7, EPSS 0.00116
Exploits 1, References 3

OSV
added 2025/11/26 8:12 a.m., 3 views

OPENSUSE-SU-2025:20089-1 Security update for mysql-connector-java

This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...

CVSS 7.5, AI score 7.2, EPSS 0.00286
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-3125

Malware in sbrugna...

CVSS 7.8, AI score 6.4, EPSS 0.01482
Exploits 0, References 7

NVD
added 2024/03/06 7:15 p.m., 15 views

CVE-2024-27289

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

CVSS 8.1, AI score 8.4, EPSS 0.00591
Exploits 0, References 3

UbuntuCve
added 2024/03/06 7:15 p.m., 19 views

CVE-2024-27289

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

CVSS 8.1, AI score 6.8, EPSS 0.00591
Exploits 0, References 4

OSV
added 2024/03/06 6:28 p.m., 31 views

CVE-2024-27289 pgx SQL Injection via Line Comment Creation

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

CVSS 8.1, AI score 7.1, EPSS 0.00591
Exploits 0, References 5

OSV
added 2024/03/04 8:13 p.m., 19 views

GHSA-M7WR-2XF7-CM9P pgx SQL Injection via Line Comment Creation

Impact SQL injection can occur when all of the following conditions are met: 1. The non-default simple protocol is used. 2. A placeholder for a numeric value must be immediately preceded by a minus. 3. There must be a second placeholder for a string value after the first placeholder; both must be...

CVSS 8.7, AI score 8, EPSS 0.00591
Exploits 0, References 5

Cvelist
added 2021/05/14 7:11 p.m., 14 views

CVE-2021-29537 Heap buffer overflow in `QuantizedResizeBilinear`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...

CVSS 2.5, AI score 8.1, EPSS 0.00012
Exploits 1, References 2

NVD
added 2021/04/15 7:15 p.m., 7 views

CVE-2020-28898

In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation...

CVSS 5.3, EPSS 0.00823
Exploits 0, References 1

Hacker One
added 2021/02/10 9:40 p.m., 8 views

U.S. Dept Of Defense: Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course

The application allowed an attacker to enumerate all candidate names who had applied for various courses by cycling a numeric parameter in the application's URL...

AI score 6.9
Exploits 0

NVD
added 2019/06/24 6:15 p.m., 9 views

CVE-2019-9085

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the nfile parameter to visualizzacontratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&idtransazione=1&numerocontratto=1&nfile=a query string ...

CVSS 6.5, AI score 6.2, EPSS 0.00717
Exploits 1, References 2

Cvelist
added 2019/06/24 5:33 p.m., 12 views

CVE-2019-9085

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the nfile parameter to visualizzacontratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&idtransazione=1&numerocontratto=1&nfile=a query string ...

AI score 6.2, EPSS 0.00717
Exploits 1, References 2

OSV
added 2017/10/24 6:33 p.m., 39 views

GHSA-M46P-GGM5-5J83 Rails vulnerable to Cross-site Scripting

There is an XSS vulnerability in the number_to_currency, number_to_percentage and number_to_human helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081. Versions Affected: All. Fixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17. Impact: These helpers allows users...

CVSS 4.3, AI score 6.5, EPSS 0.00885
Exploits 0, References 12

Github Security Blog
added 2017/10/24 6:33 p.m., 52 views

Rails vulnerable to Cross-site Scripting

There is an XSS vulnerability in the number_to_currency, number_to_percentage and number_to_human helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081. Versions Affected: All. Fixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17. Impact: These helpers allows users...

CVSS 4.3, AI score 6, EPSS 0.00885
Exploits 0, References 12, Affected Software 2

OSV
added 2016/11/17 5:59 a.m., 0 views

UBUNTU-CVE-2016-9375

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful...

CVSS 5.9, AI score 6.6, EPSS 0.01481
Exploits 0, References 5

UbuntuCve
added 2014/12/23 11:59 a.m., 19 views

CVE-2014-9115

SQL injection vulnerability in the ratepicture function in include/functionsrate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a...

CVSS 7.5, AI score 6.2, EPSS 0.00579
Exploits 2, References 5

ATTACKERKB
added 2014/02/18 11:55 a.m., 0 views

CVE-2014-2020

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a...

CVSS 6.8, AI score 5.7, EPSS 0.10311
Exploits 1, References 4

RubySec
added 2013/12/03 12:0 a.m., 40 views

XSS Vulnerability in number_to_currency

There is an XSS vulnerability in the number_to_currency helper in Ruby on Rails. The number_to_currency helper allows users to nicely format a numeric value. One of the parameters to the helper (unit) is not escaped correctly. Applications which pass user controlled data as the unit parameter are...

CVSS 4.3, AI score 3.3, EPSS 0.01506
Exploits 0, References 1, Affected Software 1

FreeBSD
added 2011/01/06 12:0 a.m., 35 views

php -- multiple vulnerabilities

PHP developers report: Security Enhancements and Fixes in PHP 5.3.5: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645 Security Enhancements and Fixes in PHP 5.2.17: Fixed bug 53632 PHP hangs on numeric value 2.2250738585072011e-308. CVE-2010-4645...

CVSS 5, AI score 8.7, EPSS 0.20977
Exploits 1

Prion
added 2008/07/10 11:41 p.m., 13 views

Code injection

Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block...

CVSS 7.8, AI score 7.1, EPSS 0.01482
Exploits 0, References 6