Espressif Shared GitHub DangerJS 安全漏洞

Espressif Shared GitHub DangerJS is a code review tool developed by Espressif Systems for automatically checking the format of pull requests. Versions of Espressif Shared GitHub DangerJS prior to version 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from entrypoint.sh...

EUVD-2026-32153

A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information...

AZL-37764 CVE-2023-3817 affecting package hvloader for versions less than 1.0.1-9

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

AZL-37680 CVE-2023-0464 affecting package hvloader for versions less than 1.0.1-3

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in versions prior to Discourse Calendar 1.0.1, which can be exploited by an attacker to affect the parsing and rendering of event...

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CloudBees Jenkins Azure Container Service plugin code issue vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Azure Container Service Plugin is used in which an Azure...

Schneider Electric ZigBee Installation Toolkit Code Issue Vulnerability

Schneider Electric ZigBee Installation Toolkit is an installation toolkit software for the ZigBee wireless network protocol from Schneider Electric France. A code issue vulnerability exists in versions of Schneider Electric ZigBee Installation Toolkit prior to 1.0.1. The vulnerability can be...

PT-2020-6124 · Google +9 · Libwebp +9

Name of the Vulnerable Software and Affected Versions: libwebp versions prior to 1.0.1 Description: A flaw was found in libwebp, related to an out-of-bounds read in the ChunkAssignData function. This issue poses a threat to data confidentiality and service availability. Exploitation of this flaw...

PT-2018-3682 · Google +9 · Libwebp +9

Name of the Vulnerable Software and Affected Versions: libwebp versions prior to 1.0.1 Description: A heap-based buffer overflow was found in the GetLE24 function, which can be exploited by creating a specially crafted file, potentially allowing a remote attacker to access confidential informatio...