SUSE CVE-2026-41648

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

CVE-2026-41648 Incus: Unbounded YAML Metadata Decode via Parsing

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the backup.GetInfo function’s trust inlining backup configurations, which allowed valid, inline configurations along with...

AVideo 操作系统命令注入漏洞

AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Prior to version 7.0 of AVideo, there was a vulnerability related to operating system command injection. This vulnerability allowed unauthenticated attackers to execute arbitrary operating syst...

PT-2024-23105

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...

CVE-2023-45875

An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...

PYSEC-2023-235

An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster...

OpenEMR 路径遍历漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A local file inclusion vulnerability exists in versions of OpenEMR prior to 7.0.0,...

SUSE CVE-2021-3611

A stack overflow vulnerability was found in the Intel HD Audio device intel-hda of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects...

Couchbase Server 安全漏洞

Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions prior to 7.0.4. No information about this vulnerability is...

DEBIAN-CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

FIS GT.M 安全漏洞

FIS GT.M is a database platform. A security vulnerability exists in versions of FIS GT.M prior to V7.0-000, which can be exploited by an attacker to cause a size variable stored as a signed integer to equal a very large value, which is interpreted as a negative value during a check. This value is...

FIS GT.M 代码问题漏洞

FIS GT.M is a database platform. A security vulnerability exists in FIS GT.M versions prior to V7.0-000, which stems from a missing NULL check in the call to iousopen in srunix/iousopen.c. The vulnerability can be exploited to crash an application by dereferencing a NULL pointer. An attacker can...

PT-2021-18205 · Gradle +2 · Gradle +2

Name of the Vulnerable Software and Affected Versions: Gradle versions prior to 7.0 Description: The issue allows an attacker to access information downloaded by Gradle due to files created with open permissions in the system temporary directory. This can lead to a local information disclosure,...

UBUNTU-CVE-2020-27752

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data...

ImageMagick Studio ImageMagick 输入验证错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 7.0.9-0, which stems...

Liferay Portal CE Cross-Site Scripting Vulnerability (CNVD-2017-20983)

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies , and can be used as a Web publishing and sharing workspaces , enterprise collaboration platforms , social networks and so on. A cross-site scripting vulnerability exists ...