12 matches found
CVE-2026-55153
A flaw was found in mchange-commons-java, a Java utility library. This vulnerability allows a remote attacker to achieve arbitrary code execution through Java Naming and Directory Interface (JNDI) injection. The library's JNDI ObjectFactory can construct objects of arbitrary classes and initialize...
req injection vulnerability
“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.5.3 to 0.6.0 had an injection vulnerability. This vulnerability stemmed from improper neutralization of CRLF sequences, which could lead to multipart parameter smuggling through parts of the...
Fedora 44 : rust-sequoia-git (2026-0a72408e1b)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0a72408e1b advisory. Update to version 0.6.0. Addresses RUSTSEC-2026-0109. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13070 more potentially affected by CVE-2026-41673 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2026-41673 Source advisory: SNYK:JS-XMLDOM-16134529...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13070 more potentially affected by CVE-2026-41672 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2026-41672 Source advisory: OSV:GHSA-J759-J44W-7FR8...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect state handling in nested execution paths involving the ICS20 precompile. An attacker can repeatedly utilize the same token balance within a single transaction by exploiting...
PT-2025-45102
Name of the Vulnerable Software and Affected Versions Doris MCP Server versions prior to 0.6.0 Description An attacker with a valid read-only account can bypass the Doris MCP Server’s read-only mode due to improper access control. This allows modifications that should have been prevented by...
RUSTSEC-2025-0070 Pingora MadeYouReset HTTP/2 vulnerability
Pingora deployments using versions prior to 0.6.0 that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the...
@amitport/koangular-users (=0.0.0), @antimatter-studios/dredd (>=14.1.0 <=15.0.11) +202 more potentially affected by CVE-2020-7709 via json-pointer (>=0.0.4 <=0.6.0)
json-pointer NPM version =0.0.4, =14.1.0, =0.0.1, =0.0.2, =0.0.1, =1.2.6, =2.7.2, =1.0.0, =0.0.0-development, =1.0.0, =2.21.3, =0.1.0, =1.0.1 - ajv-moment =1.0.0 and more Source cves: CVE-2020-7709 Source advisory: OSV:GHSA-7MG4-W3W5-X5PC...
CVE-2020-8936 Arbitrary enclave memory overwrite vulnerability in ECall ecall_restore
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgxparams and allowed the host to return a pointer that was an address within the enclave memory. This allowe...
CVE-2007-6664
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter...
DOS@Orenosv
DOSOrenosvHTTPd.bat @echo on :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :Application: Orenosv Server :Vendors: http://home.comcast.net/makataoka/orenosv060.zip :Version: =0.6.0 :Platforms: Windows :Bug: D.O.S :Date: 2004-06-02 :Author: CoolICE :E-mail: CoolICEChina.com...