32 matches found
Orval code injection vulnerability
Orval is an open-source interface development tool developed by Orval. Versions of Orval from 7.19.0 to 7.21.0, as well as versions before 8.2.0, have a code injection vulnerability. This vulnerability stems from incomplete escape handling in the jsStringEscape function, which may lead to code...
EUVD-2025-201445
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import
Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
Linux Distros Unpatched Vulnerability : CVE-2017-10311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 5.7.19 and earlier. Easily...
Linux Distros Unpatched Vulnerability : CVE-2017-10314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.37 and earlier and...
Linux Distros Unpatched Vulnerability : CVE-2017-10167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.19 and earlier. Easily...
CVE-2024-21703
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...
CVE-2024-24708
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.19...
CVE-2024-1403
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...
Progress Software OpenEdge Authentication Gateway Security Vulnerability
Progress Software OpenEdge Authentication Gateway is a Progress Software product for providing authentication services in OpenEdge environments. A security vulnerability exists in Progress Software OpenEdge Authentication Gateway that stems from the presence of an authentication bypass vulnerability...
CVE-2024-21673
This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker t...
Atlassian Confluence Security Vulnerability
Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build an enterprise wiki. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the presence of a remot...
PT-2024-1275 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Data Center and Server versions 7.19.0 through 7.19.16; Confluence Data Center and Server versions 8.5.0 through 8.5.4; Confluence Data Center versions 8.7.0 through 8.7.1. Description: The issue is related to insufficient input...
SUSE CVE-2017-10286
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
SUSE CVE-2017-10314
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
SUSE CVE-2017-10320
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
SUSE CVE-2018-2591
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Partition. Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2022-32263
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719...
curl: heap buffer overflow in function tftp_receive_packet()
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...