Astra Linux - уязвимость в ruby-rails-html-sanitizer

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use a inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

[SECURITY] Fedora 42 Update: mysql8.0-8.0.44-4.fc42

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVE-2025-2307

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting XSS.This issue affects Aidango: before 2.144.4...

PT-2025-47807

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.3.4 through 5.5.1 Description ESF-IDF, the Espressif Internet of Things IOT Development Framework, contains a flaw in its hardware JPEG decoder when used with the ESP32-P4. The software parser does not perform adequate...

CVE-2021-24364

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

CVE-2020-12018

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data...

CVE-2025-31558

TailPress (TailPress – Tailwind for WordPress) vulnerability CVE-2025-31558 affects TailPress versions up to and including 0.4.4. The issue is described as an Insertion of Sensitive Information into Externally-Accessible File or Directory, enabling retrieval of embedded sensitive data. The availa...

Contec CONPROSYS HMI System 操作系统命令注入漏洞

Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System CHS Ver.3.4.4 and earlier versions, which is rooted in susceptibility to an O...

PYSEC-2021-829

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

IrfanView .fpx file buffer overflow vulnerability (CNVD-2017-14134)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in version 4.47...

CVE-2017-0419

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally...