11 matches found
SUSE CVE-2026-7210
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
EUVD-2024-49660
Malicious code in bioql PyPI...
EUVD-2022-7360
Malicious code in bioql PyPI...
CVE-2025-8553 atjiu pybbs list cross site scripting
A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitiveword/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed ...
CVE-2025-7785
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated...
CVE-2025-7546
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...
CVE-2025-4287
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has bee...
GHSA-9Q7Q-R54Q-3F3G Cross-site Scripting (XSS) in DataObject Classification Store
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
Multiple vulnerabilities in Trend Micro ServerProtect
Overview Trend Micro Incorporated has released security updates for ServerProtect. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Remote control execution due to insufficiently protected static credentials Denial-of-servic...
CVE-2021-39189 Observable Response Discrepancy in Lost Password Service
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...
DEBIAN-CVE-2018-13346
The mpatchapply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004...