5 matches found
CVE-2026-35215
CVE-2026-35215 – Firebird DoS via crafted slice packet Firebird, an open-source RDBMS, has a vulnerability in the sdl_desc() function across affected series prior to 5.0.4, 4.0.7, and 3.0.14. The function does not validate the length of a decoded SDL descriptor from a slice packet; a zero-length ...
Linux Distros Unpatched Vulnerability : CVE-2026-34232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization of Groovy code provided by delegated administrators. A privileged attacker can execute arbitrary code remotely by providing malicious Groovy implementations that are loaded and executed by the...
WordPress Aqua SVG Sprite plugin <= 3.0.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Aqua SVG Sprite versions = 3.0.14...
UBUNTU-CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...