23 matches found
This Week in Spring - June 9th, 2026
Hi Spring fans! Welcome to another installment of This Week in Spring! Tons of releases coming out today and this week! So make sure you're pulling in the latest posts, as often as possible! Spring LDAP 2026.06 Releases - Contains CVE Fix Spring Framework 7.0.8 and 6.2.19 Available Now Spring...
CVE-2026-8212
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...
EUVD-2026-28949
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...
DEBIAN-CVE-2026-8213
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...
DEBIAN-CVE-2025-68480
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...
OpenVPN 安全漏洞
OpenVPN is a software package for creating encrypted tunnels for virtual private networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...
MAL-2025-6989 Malicious code in 2.9.1-genesis-bugs-rc1 (npm)
The package 2.9.1-genesis-bugs-rc1 was found to contain malicious code...
CVE-2012-10039 ZEN Load Balancer Filelog Command Execution
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...
PT-2025-32552 · Unknown +1 · Zen Load Balancer +2
Name of the Vulnerable Software and Affected Versions: ZEN Load Balancer versions 2.0 ZEN Load Balancer version 3.0-rc1 Description: ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection issue in the content2-2.cgi file. The filelog parameter is passed directly to an exec call...
PT-2024-35779 · Sangoma · Asterisk
Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 22.0.0-pre1 through 22.0.0-rc2 Description: The issue is related to the action listcategories function, which allows attackers to execute a path traversal. This could potentially lead to unauthorized access to...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in versions of XWiki Platform prior to 15.10-rc-1, which originates from the WYSIWYG editor that can be used by an unprivileged user to trick a user with...
Novel-Plus Code Issue Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file download vulnerability in the component com.java2nb.common.controller.FileController: fileDownload...
PT-2024-20236 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to perform SQL injection via the /system/dataPerm/list API endpoint by passing crafted offset, limit, and sort parameters. Recommendations...
Novel-Plus Security Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v4.3.0-RC1 and earlier versions. An attacker can exploit the vulnerability to pass specially crafted offset, limit, and sort parameters to perform a SQL injectio...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in XWiki Platform, which stems from. Affected products and versions: XWiki Platform 2.6 RC2 and earlier, 2.7 RC1 and earlier...
PT-2023-8600 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.2 XWiki Platform versions prior to 15.0-rc-1 Description: The issue exists due to the lack of measures to neutralize...
aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23562 via tensorflow (>=2.7.0 <=2.7.0rc1)
tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23562 Source advisory: OSV:GHSA-QX3F-P745-W4HR...
DEBIAN-CVE-2021-20177
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...
PT-2020-8679 · Argo · Argo
Name of the Vulnerable Software and Affected Versions: Argo versions prior to v1.5.0-rc1 Description: The issue allows authenticated Argo users to submit API calls to retrieve secrets and other manifests stored within git. Recommendations: For versions prior to v1.5.0-rc1, update to version...
wildfly-core: Cross-site scripting (XSS) in JBoss Management Console
A cross-site scripting XSS vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users...