359 matches found
CVE-2025-27097
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...
CVE-2025-27097
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...
CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...
Improper Data Encryption
Temporal api-go is vulnerable to Improper Data Encryption. The vulnerability is due to missing Data Converter transformations due to the update response information not being processed by the Data Converter when using a gRPC proxy with the api-go module, leading to unencrypted data exposure...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
GHSA-Q9W6-CWJ4-GF4P Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
PT-2025-2936
Name of the Vulnerable Software and Affected Versions HL7 FHIR IG publisher versions prior to 1.7.4 Description The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...
PT-2025-33109
Name of the Vulnerable Software and Affected Versions: Active Storage versions 5.2.0 through 8.0.2.1 Description: Active Storage allows the use of potentially unsafe image transformation methods and parameters by default. This can lead to command injection vulnerabilities when arbitrary...
PT-2024-7417 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.107 Splunk Cloud Platform versions prior to 9.1.2312.204 Splunk Clo...
GHSA-6CR6-PH3P-F5RF XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
Impact XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where extern...
PT-2024-31547 · Unknown · Hl7 Fhir Core Artifacts
Name of the Vulnerable Software and Affected Versions: HL7 FHIR Core Artifacts repository versions prior to 6.3.23 Description: The issue concerns XML external entity injections in XSLT transforms performed by various components. A processed XML file with a malicious DTD tag could produce XML...
openSUSE Security Advisory (SUSE-SU-2024:2786-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: python-astropy-5.3.3-1.fc40
The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...
[SECURITY] Fedora 39 Update: python-astropy-5.3.3-1.fc39
The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...
The vulnerability in the compilation of compilers for various programming languages in the GNU Compiler Collection (GCC) relates to the incorrect handling of the sum of a pointer and an integer. This vulnerability allows an attacker to trigger a service failure or cause other adverse effects.
The vulnerability in the compiler set for various programming languages in the GNU Compiler Collection GCC relates to the incorrect handling of the sum of a pointer and an integer, when the sum is greater than or equal to the pointer, without using transformations. This can lead to the...