ogre 安全漏洞

ogre is a scene-oriented 3D engine open-sourced by OGRECave. A security vulnerability exists in ogre 14.4.1 and earlier versions, which originates from a heap buffer overflow in the STBIImageCodec::encode function in the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp, which could lead to a...

Important: Red Hat Security Advisory: mod_security security update

An update for modsecurity is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2025-27135 RAGFlow SQL Injection vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

CVE-2025-27135

RAGFlow (open-source Retrieval-Augmented Generation engine) is affected by CVE-2025-27135. Versions 0.15.1 and earlier are vulnerable due to the ExeSQL component, which extracts SQL statements from input and sends them directly to the database query, enabling SQL injection. Reported impact is hig...

CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...

[SECURITY] Fedora 40 Update: suricata-7.0.8-1.fc40

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

WebKit Homologation Policy Security Bypass Vulnerability

WebKit is KDE, Apple Apple, Google Google and other companies to develop a set of open source Web browser engine , currently used by Apple Safari and Google Chrome and other browsers . WebKit suffers from a same-origin policy security bypass vulnerability. An attacker can exploit this vulnerabili...

Memory Corruption Vulnerability in WebKit Component of Multiple Apple Products (CNVD-2017-29710)

Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...

Moderate: Red Hat Security Advisory: docker security and bug fix update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...