27 matches found
archive-tar-new security vulnerability
archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...
Exploit for CVE-2012-1803
CVE-2012-1803 Critical vulnerability in Siemens Rugge...
MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...
CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...
[SECURITY] Fedora 44 Update: pypy3.10-7.3.19-11.3.10.fc44
PyPy's implementation of Python 3.10, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...
MiracleLinux 7 : kernel-3.10.0-1160.114.2.el7 (AXSA:2024-7634:08)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7634:08 advisory. sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602); kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in...
CVE-2023-4716
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
EUVD-2025-200027
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
Shirt Pocket SuperDuper! security vulnerability
Shirt Pocket SuperDuper! is a data backup, disk cloning and recovery tool for macOS from Shirt Pocket. A security vulnerability in Shirt Pocket SuperDuper! v3.10 and earlier versions allows a local attacker to execute arbitrary code via the software update mechanism...
Shirt Pocket SuperDuper! security vulnerability
Shirt Pocket SuperDuper! is a data backup, disk cloning and recovery tool for macOS from Shirt Pocket. A security vulnerability exists in version v3.10 of Shirt Pocket SuperDuper! that stems from improper access control of the SDAgent component, which could result in elevated privileges to root...
CVE-2025-61228
CVE-2025-61228 affects Shirt Pocket SuperDuper! versions 3.10 and earlier. The issue allows a local attacker to execute arbitrary code via the software update mechanism. The available sources indicate the vulnerability exists in pre-3.11 builds; mitigation is to update to version 3.11 (or later)....
VulnCheck KEV: CVE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...
CVE-2025-38745
Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...
Fedora: Security Advisory (FEDORA-2024-cae0bcc133)
The remote host is missing an update for the...
USN-7116-1 python3.10, python3.12, python3.8 vulnerability
It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated...
PT-2024-10551 · Unknown · Tftp Server +1
Name of the Vulnerable Software and Affected Versions: Distinct Intranet Servers versions 3.10 and earlier. Description: The issue allows remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. This is due to multiple directory traversal vulnerabilities i...
PT-2024-19229 · Cozmoslabs · Profile Builder
Name of the Vulnerable Software and Affected Versions: Cozmoslabs Profile Builder Pro versions 3.10.0 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-32689 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-32689 Source advisory: OSV:GHSA-9PRM-JQWX-45X9...
APUS Launcher security vulnerability
APUS Launcher is an application from Kirin Hesheng Technology APUS, a company based in Beijing, China. It automatically sorts your apps by category on the home screen so you can quickly and easily find the apps you want. A security vulnerability exists in APUS Launcher versions v.3.10.73 and v.3.10.88, whic...