4 matches found
PT-2026-51639
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description An OS command injection issue exists due to an incomplete fix for a previous vulnerability. The sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php fails to neutralize the...
PT-2026-42821
Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.15.3 Description An incomplete fix in the bot-engine runtime allows authenticated users to use credentials from any workspace via the preview chat endpoint. The getCredentials utility function employs a falsy check...
EUVD-2024-2138
Malicious code in bioql PyPI...
CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...