14 matches found
JLSEC-2026-631 Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in...
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...
CVE-2026-54841
Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...
Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...
EUVD-2026-16509
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of...
CVE-2025-70341
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...
CVE-2025-68434
CVE-2025-68434 affects OpenSourcePOS 3.4.0–3.4.1, where CSRF protection was explicitly disabled in the global filters, allowing a logged-in administrator’s browser to be coerced into making state-changing POST requests and silently create a new Administrator account. The issue is fixed in 3.4.2 b...
PT-2024-36294 · Unknown +1 · Syntaxhighlighter +1
Name of the Vulnerable Software and Affected Versions: CK and SyntaxHighlighter versions n/a through 3.4.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a w...
LibreSSL Trust Management Issue Vulnerability
LibreSSL is an open source implementation of a secure socket layer and transport layer security protocol. A security vulnerability exists in LibreSSL versions prior to 3.4.2, which stems from an error that sometimes drops unvalidated certificate chains, and an authentication bypass...
SUSE CVE-2018-10001
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file...
go-with-me SQL Injection Vulnerability
go-with-me is a CPE342 database project by porpeeranut individual developers. A SQL injection vulnerability exists in go-with-me. An attacker could exploit this vulnerability to perform a sql injection attack...
CVE-2021-3427
creationtimestamp | type | source
---|---|---
2022-08-26 20:30:23+00:00 | seen | https://t.me/cibsecurity/48892...
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
Adobe Shockwave Player Memory Corruption Vulnerability (CNVD-2019-10621)
Adobe Shockwave Player is a multimedia player product from the American company Adobe. The product allows applications produced with Adobe Director, a multimedia production tool, to be published to the Internet and viewed in browsers that have the Shockwave plug-in installed. A memory corruption...