365 matches found
📄 PivotX 3.0.0 RC3 Remote Code Execution / Cross Site Scripting
PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN...
SUSE CVE-2025-7067
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...
AZL-65208 CVE-2025-7067 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...
DEBIAN-CVE-2025-7067
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5FSsinfoserializenodecb function. An attacker can cause a denial of service by triggering a heap-based buffer overflow through local access. Remediation A fix was pushed into the master branch but not...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack (CVE-2024-11831).
Summary IBM Event Endpoint Management is vulnerable to a Cross-site scripting XSS attack due to a flaw in npm-serialize-javascript. It is used for safely serialize complex JavaScript objects for storage or transmission. Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in...
NI Circuit Design Suite 安全漏洞
NI Circuit Design Suite is a circuit design suite from National Instruments NI that provides a complete set of tools for circuit design, simulation, verification, and layout. A security vulnerability exists in NI Circuit Design Suite version 14.3.0 and earlier, which stems from a stack buffer...
GSL (>=0.4.25 <=0.4.26), IMAPServer (=0.0.0) +4478 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.25)
rustc-serialize CARGO version =0.1.5, =0.4.25, =0.1.0, =0.1.7, =0.2.0-beta.4, =0.0.6, =0.1.0, =0.2.1, =0.1.4, =0.1.1, =0.3.0 - ace-test-lib =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0025...
RUSTSEC-2025-0025 rustc-serialize is unmaintained
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
rustc-serialize is unmaintained
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
PT-2025-19690 · Crates.Io · Rustc-Serialize
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
SUSE CVE-2025-2914
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FSsinfoSrializeSctcb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has...
SUSE CVE-2025-2926
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
AZL-59347 CVE-2025-2926 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
AZL-59397 CVE-2025-2926 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
UBUNTU-CVE-2025-2926
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
CVE-2025-2926
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
HDF5 安全漏洞
HDF5 is an HDF open source library. A security vulnerability exists in HDF5 1.14.6 and earlier versions, which stems from a null pointer dereference in the H5Ocachechkserialize function that requires local access...
@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +1728 more potentially affected by CVE-2024-11831 via serialize-javascript (>=6.0.0 <=6.0.1)
serialize-javascript NPM version =6.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =1.1.8, =0.4.10, =5.0.0, =6.0.0 and more Source cves: CVE-2024-11831 Source advisory: OSV:GHSA-76P7-773F-R4Q5...
Cross-site Scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...