6 matches found
CVE-2026-6967
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...
ormar SQL injection vulnerability
ormar is a Python ORM library developed by the individual developer Collerek. Versions of ormar prior to 0.22.0 have a SQL injection vulnerability. This vulnerability stems from the min and max methods not validating the column names supplied by users, which may lead to SQL injection attacks...
svg-sanitizer input validation error vulnerability
svg-sanitizer is an SVG file sanitization tool by the individual developer Daryll Doyle. An input validation error vulnerability exists in versions of svg-sanitizer prior to 0.22.0. It stems from the cleanXlinkHrefs method searching only for lowercase attribute names, which could lead to...
OESA-2022-1664 opensc security update
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...
PT-2022-11685 · Opensc +2 · Opensc +2
Name of the Vulnerable Software and Affected Versions: OpenSC versions prior to 0.22.0. Description: A heap use-after-free issue was found in the sc_file_valid function. This issue can potentially be exploited, but no specific details about the estimated number of affected devices or real-world...
PT-2021-14396 · Unknown +2 · Blaze-Core +5
Name of the Vulnerable Software and Affected Versions: http4s versions prior to 0.21.17; http4s versions prior to 0.22.0-M2; http4s versions prior to 1.0.0-M14. Description: The issue is related to the blaze-core library, which accepts connections unboundedly on its selector pool. This can lead to a...