41 matches found
UBUNTU-CVE-2025-3506
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and Checkmk 2.4.0b6 allows attacker to access files that could contain secrets...
CLSA-2025-1742474086 bind: Fix of CVE-2022-3094
CVE-2022-3094: fix resources exhaustion issue caused by flood of dynamic DNS updates...
Aim allows denial of service due to no timeouts for some tracking server endpoints
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...
Advisory ROSA-SA-2025-2689
Software: scipy 1.0.0 OS: ROSA Virtualization 3.0 packageevrstring: scipy-1.0.0-21.0.2 CVE-ID: CVE-2023-29824 BDU-ID: 2024-07432 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the PyFindObjects function of the PyFindObjects library for the open source Python programming language scipy is relat...
WordPress WP Visual Adverts plugin <= 2.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WP Visual Adverts versions = 2.3.0...
Docker Desktop Security Vulnerabilities
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
CVE-2023-38679
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0002. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. Thi...
CVE-2023-35781
Cross-Site Request Forgery CSRF vulnerability in LWS Cleaner plugin = 2.3.0 versions...
CVE-2023-3058
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi...
PT-2022-26953 · Siemens · Simcenter Star-Ccm+
Name of the Vulnerable Software and Affected Versions: Simcenter STAR-CCM+ versions prior to V2306 Description: A vulnerability has been identified in the affected application, where it improperly assigns file permissions to installation folders. This could allow a local attacker with an...
WordPress plugin WP 2FA 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
CVE-2022-30155
Windows Kernel Denial of Service Vulnerability...
CVE-2022-30922
creationtimestamp| type| source ---|---|--- 2022-06-08 18:32:46+00:00| seen| https://t.me/cibsecurity/44040...
CVE-2022-30688
creationtimestamp| type| source ---|---|--- 2022-05-17 22:27:47+00:00| seen| https://t.me/cibsecurity/42852...
CVE-2022-30412
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/updatestatus.php?id=...
DEBIAN-CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2021-38478
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...
DEBIAN-CVE-2021-32740
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...
deep-floorplan (=0.0.0) potentially affected by CVE-2020-15195 via tensorflow-gpu (=2.3.0)
tensorflow-gpu PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - deep-floorplan =0.0.0 Source cves: CVE-2020-15195 Source advisory: OSV:GHSA-63XM-RX5P-XVQR...
AZL-44928 CVE-2020-11760 affecting package OpenEXR 2.3.0-6
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...