17 matches found
nimiq-blockchain: Peer-triggerable panic during history sync
Impact HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During history sync, a peer can influence the history: &HistoricTransaction input passed into...
CVE-2026-35477 InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
EUVD-2026-9061
pillowheif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...
CVE-2026-25391 WordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through = 1.3.07...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
Vimesoft Messaging Platform 安全漏洞
Vimesoft Messaging Platform is an enterprise instant messaging platform from the Turkish company Vimesoft. A security vulnerability exists in Vimesoft Messaging Platform version V1.3.0 up to and including version V2.0.0, which stems from the embedding of sensitive information in the sent data and...
EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞
EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt.EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware.EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...
Dalmann OCPP.Core Security Vulnerability
Dalmann OCPP.Core is an OCPP Open Charge Point Protocol server written in .NET 6 by Ulrich Personal Developer. A security vulnerability exists in Dalmann OCPP.Core versions prior to 1.3.0, which stems from the server allowing an attacker to stop a transaction using a Random Transaction ID...
DEBIAN-CVE-2023-34457
MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...
CVE-2023-21838
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...
CVE-2022-38130
creationtimestamp| type| source ---|---|--- 2022-08-11 00:26:35+00:00| seen| https://t.me/cibsecurity/47904 2024-11-16 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-16 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...
AZL-10337 CVE-2021-33467 affecting package yasm 1.3.0-17
An issue was discovered in yasm version 1.3.0. There is a use-after-free in ppgetline in modules/preprocs/nasm/nasm-pp.c...
UBUNTU-CVE-2021-45846
A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute...
CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Installation. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
USC iLab cereal buffer overflow vulnerability
USC iLab cereal is a C++ library for serialization. A security vulnerability exists in USC iLab cereal version 1.3.0 and earlier. An attacker can exploit the vulnerability to obtain sensitive information memory layout or private key...
CVE-2016-3468
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install...
CVE-2015-0386
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191...