14 matches found
SUSE CVE-2026-33214
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue b...
CVE-2026-31970
Summary: HTSlib’s GZI index loading path (bgzf_index_load_hfile) may overflow a heap buffer due to an integer overflow, causing a heap buffer overflow. This can crash the application, corrupt data, or potentially allow arbitrary code execution when a crafted GZI file is opened. Affected component...
CVE-2026-21865
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...
CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...
CVE-2025-48881
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If...
PT-2025-5189 · Unknown · Menus Plus+
Name of the Vulnerable Software and Affected Versions: Menus Plus+ versions 1.9.6 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL Injection. This means that an attacker could potentially inject malicious SQL cod...
PT-2024-9578 · Ruijie · Ruijie Reyee Os
Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x through 2.319.x Description: The issue is related to a weak credential mechanism used in the Ruijie Reyee OS, which could allow an attacker to easily calculate MQTT credentials. This could potentially permit a...
PT-2024-33408 · Sourcecodester · Sourcecodester Simple Online Bidding System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save product. This issue...
PT-2024-24000 · Solwin Infotech · Solwin Infotech User Activity Log
Name of the Vulnerable Software and Affected Versions: Solwin Infotech User Activity Log versions 1.8 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation b...
PT-2023-10581 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub. Specially crafted commands sent through the PubNub service can cause a...
GHSA-929W-Q433-4H9X Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...
PT-2021-4584 · Exiv2 +8 · Exiv2 +8
Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.27.3 Description: The issue is related to an integer overflow in the CrwMap::encode0x1810 function of Exiv2, which can be exploited by attackers to trigger a heap-based buffer overflow, causing a denial of service DOS via...
PT-2009-5970 · Httpdx · Httpdx
Name of the Vulnerable Software and Affected Versions: httpdx versions 1.4 through 1.4.3 Description: The issue is a stack-based buffer overflow in the h handlepeer function, located in http.cpp. This can be triggered by remote attackers sending a long HTTP GET request, potentially causing a deni...
ag-traverse.txt
netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...