1075 matches found
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to improper conversion of string length from an int64/int32 to an int16 without checks for overflows. values in the process handling UTF-8 encoded data. An attacker can cause packet corruption or unintended...
CVE-2025-41115
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
OPENSUSE-SU-2025:20089-1 Security update for mysql-connector-java
This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability bsc1241693 - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. -...
BIT-GRAFANA-2025-41115 Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
CVE-2025-41115 Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
Espressif IoT Development Framework 数字错误漏洞
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A numeric error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, and 5.3.4, which stems from a lack of validation of the JPEG decoder and could lead to...
PT-2025-47660
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions prior to 4.2.9.5 Description The LearnPress – WordPress LMS Plugin for WordPress is affected by a sensitive information disclosure issue. Missing capability checks in the REST endpoint...
TencentOS Server 4: jq (TSSA-2025:0286)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0286 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2025-198207
Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...
CVE-2025-41346
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availabili...
CVE-2025-41346
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availabili...
CVE-2025-41346 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availabili...
CVE-2025-41346 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availabili...
HSEC-2023-0007 readFloat: memory exhaustion with large exponent
readFloat: memory exhaustion with large exponent Numeric.readFloat takes time and memory linear in the size of the number denoted by the input string. In particular, processing a number expressed in scientific notation with a very large exponent could cause a denial of service. The slowdown is...
Siemens SIMATIC S7-1500 Incorrect Conversion between Numeric Types (CVE-2021-27219)
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function gbytesnew has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. This plugin only works with Tenable.ot. Pleas...
Siemens SIMATIC S7-1500 Incorrect Conversion between Numeric Types (CVE-2019-19317)
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Incorrect Conversion between Numeric Types (CVE-2021-27218)
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation. This plugin only works with Tenable.ot. Please visit...
Adobe Substance3D Stager 数字错误漏洞
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
Adobe Illustrator on iPad 数字错误漏洞
Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. Adobe Illustrator on iPad suffers from an integer sneak vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...
EUVD-2025-37774
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode...