13 matches found

CNNVD · added 2026/04/06 12:00 a.m.

pyLoad code issue vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad 0.5.0b3.dev96 and earlier have code vulnerabilities. These vulnerabilities stem from the parseurls API function’s lack of URL validation and protocol restrictions, which may allow authenticated users to access interna...

CVSS 7.7 · AI score 5.9 · EPSS 0.0004
Exploits: 1 · References: 3
Cvelist · added 2025/08/13 5:27 p.m.

CVE-2025-2498 Insufficient Granularity of Access Control in GitLab

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...

CVSS 3.1 · EPSS 0.00019
Exploits: 0 · References: 2
Positive Technologies · added 2025/08/13 12:00 a.m.

PT-2025-33048 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.0 through 18.0.5; GitLab EE versions 18.1 through 18.1.3; GitLab EE versions 18.2 through 18.2.1. Description: An improper access control issue exists in GitLab EE. Under certain conditions, users could view assigned issues...

CVSS 4.3 · AI score 6.9 · EPSS 0.00019
Exploits: 0 · References: 7
NVD · added 2024/06/05 12:15 a.m.

CVE-2024-4084

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...

CVSS 7.7 · AI score 7.6 · EPSS 0.0006
Exploits: 1 · References: 1
Positive Technologies · added 2023/12/07 12:00 a.m.

PT-2023-9842

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server version 12.2.1.4.0; Oracle WebLogic Server version 14.1.1.0.0. Description: A flaw in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware, is caused by insufficient input validation and a...

CVSS 7.8 · AI score 8.2 · EPSS 0.89649
Exploits: 2 · References: 76
Positive Technologies · added 2022/09/22 12:00 a.m.

PT-2022-24405 · Apache +5 · Apache Xml Graphics Batik +5

Name of the Vulnerable Software and Affected Versions: Apache XML Graphics Batik version 1.14. Description: A Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik allows an attacker to load a URL through the jar protocol. This issue enables information disclosure...

CVSS 8.2 · AI score 7.8 · EPSS 0.47784
Exploits: 1 · References: 79
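The pyLoad, anything-llm and Batik entries above share one root cause: a URL is fetched server-side with no scheme allowlist, or with an intranet filter that only string-matches the host. The block below is an added example written for this page, not code from any of those projects. It puts a constructed prefix filter of the kind the anything-llm entry describes next to a hardened check that enforces a scheme allowlist, rejects embedded credentials, resolves the host and refuses the request if any resolved address is loopback, private, link-local or otherwise non-public. The host spellings and the `FAKE_DNS` table are constructed so the demo runs offline; `system_resolve` is the real resolver you would pass in production.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Weak intranet filter: a string-prefix test on the host.

    Constructed to illustrate the failure mode the anything-llm entry
    describes; it is not that project's code.
    """
    host = urlsplit(url).hostname or ""
    return host.startswith(("10.", "127.", "172.", "192.", "localhost"))


def _is_non_public(addr: str) -> bool:
    """True for loopback, RFC 1918, link-local (e.g. 169.254.169.254), etc."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:  # ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolve(host: str) -> set[str]:
    """Every address (A and AAAA) the OS resolver returns for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_url(url: str, resolve=system_resolve) -> tuple[bool, str]:
    """Scheme allowlist, then resolve and reject if ANY address is non-public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = resolve(host)
    except (OSError, ValueError) as exc:
        return False, f"could not resolve {host}: {exc}"
    if not addrs:
        return False, f"{host} has no addresses"
    for addr in addrs:
        if _is_non_public(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


# Constructed resolver table so the demo runs offline. The odd spellings
# (hex octets, a single decimal, IPv4-mapped IPv6) are forms a real resolver
# or inet_aton accepts for 127.0.0.1, which a prefix filter never sees.
FAKE_DNS = {
    "example.com": {"93.184.216.34"},
    "192.168.1.1": {"192.168.1.1"},
    "0x7f.0.0.1": {"127.0.0.1"},
    "2130706433": {"127.0.0.1"},
    "169.254.169.254": {"169.254.169.254"},
    "::ffff:127.0.0.1": {"::ffff:127.0.0.1"},
    "split.example": {"93.184.216.34", "10.0.0.5"},  # one public, one private
}


def fake_resolve(host: str) -> set[str]:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise OSError(f"NXDOMAIN {host}")


def demo() -> dict[str, tuple[bool, bool]]:
    """Map URL -> (naive filter blocks it?, hardened check allows it?)."""
    urls = [
        "https://example.com/feed.xml",
        "http://192.168.1.1/admin",
        "http://0x7f.0.0.1/",
        "http://2130706433/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "http://split.example/",
        "jar:https://example.com/a.jar!/x",
        "file:///etc/passwd",
    ]
    return {u: (naive_is_blocked(u), check_url(u, fake_resolve)[0]) for u in urls}


if __name__ == "__main__":
    for url, (naive_blocked, hardened_ok) in demo().items():
        print(f"{url:45} naive_blocked={naive_blocked!s:5} hardened_allows={hardened_ok}")
```

Two caveats the check alone does not close: the resolve-then-fetch sequence is a TOCTOU window (DNS rebinding), so the fetching code should connect to the address that passed the check rather than resolving the name a second time, and every redirect target must go through `check_url` again before it is followed.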
OSV · added 2022/06/14 8:15 a.m.

CVE-2022-25167

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · AI score 6.3 · EPSS 0.05291
Exploits: 0 · References: 3
Prion · added 2020/04/08 12:15 a.m.

Design/Logic Flaw

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. EJBCA's internal acces...

CVSS 5 · AI score 5.3 · EPSS 0.00151
Exploits: 0 · References: 1 · Affected Software: 1
NVD · added 2018/09/21 3:29 p.m.

CVE-2018-11240

An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as o...

CVSS 10 · AI score 9.6 · EPSS 0.00583
Exploits: 0 · References: 1
OSV · added 2017/10/05 1:29 a.m.

ALPINE-CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

CVSS 6.5 · AI score 7 · EPSS 0.00618
Exploits: 0 · References: 1
Vulnrichment · added 2017/10/04 1:00 a.m.

CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used...

AI score 6.7 · EPSS 0.00618
Exploits: 0 · References: 7
OSV · added 2016/04/13 3:59 p.m.

CVE-2015-7545

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a .gitmodules file ...

CVSS 9.8 · AI score 9.6
Exploits: 0 · References: 24
myhack58 · added 2014/10/16 12:00 a.m.

How to fix the POODLE SSLv3 security vulnerability (CVE-2014-3566) - vulnerability warning - the black bar safety net

POODLE = Padding Oracle On Downgraded Legacy Encryption. First of all, this is a belated name, but the security impact is still severe. The latest security vulnerability, CVE-2014-3566, is code-named POODLE, an abbreviation that, expanded as in the title above, does carry a concrete meaning?...

AI score 0.2
Exploits: 0