Gitroom Postiz 代码问题漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +997 more potentially affected by CVE-2026-25128 via fast-xml-parser (>=5.0.9 <=5.3.3)

fast-xml-parser NPM version =5.0.9, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.6.22 and more Source cves: CVE-2026-25128 Source advisory: SNYK:JS-FASTXMLPARSER-15155603...

EUVD-2023-50939

Malicious code in bioql PyPI...

EUVD-2024-39592

Malicious code in bioql PyPI...

Authen::SASL::Perl::DIGEST_MD5 安全漏洞

Authen::SASL::Perl::DIGESTMD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 and earlier, which stems from insecure cnonce generation...

CVE-2024-6595

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

CVE-2023-22725

GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allow for an administrator to create a malicious external link. This issue is patched in 10.0.6...

CVE-2023-46772

Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data...

CVE-2023-52728

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString...

CVE-2024-32086

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1...

CVE-2024-35980

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand...

CVE-2024-23449

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service ReDoS vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service ReDoS vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

SUSE CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

NVIDIA GPU Display Driver for Linux 缓冲区错误漏洞

NVIDIA GPU Display Driver for Linux is a driver from NVIDIA Corporation for interactive support of graphics card display modules in Linux systems. A security vulnerability exists in the NVIDIA GPU Display Driver for Linux version, which arises from improperly restricting operations within a memor...

Regular Expression Denial of Service (ReDoS)

Overview semver is a semantic version parser used by npm. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range. PoC js const semver = require'semver' const lengths2 = 2000, 4000,...

Isode M-Vault 安全漏洞

Isode M-Vault is a high performance secure LDAP/X.500 server from Isode UK. A security vulnerability exists in Isode M-Vault versions R16.0v0 through R17.0v23, which stems from a program that crashes on LDAP v1 bind requests...

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +20740 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.16.1)

com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...

CVE-2022-0685

A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s...