17 matches found
CVE-2025-27511
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...
CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13
CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13. A patched version of the package is available...
CVE-2026-34606 Stored XSS in Frappe LMS
Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...
OESA-2026-1342 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...
CVE-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
CVE-2025-47776
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...
Baicells多款产品 安全漏洞
Baicells Nova 436Q and others are products of Baicells, Inc.Baicells Nova 436Q is an advanced dual-carrier outdoor eNodeB eNB. Baicells Nova 227 and others are products of the company.Baicells Nova 227 is a miniature base station.Baicells NEUTRINO430 is an LTE base station. A security vulnerabili...
SUSE CVE-2010-3557
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...
PT-2023-19365 · Baicells · Baicells Nova 233 +2
Name of the Vulnerable Software and Affected Versions: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 Description: The issue concerns hardcoded credentials in the firmware of the affected devices. These credentials are easily discoverable a...
stb 资源管理错误漏洞
stb is a single-file public domain library for C/C ++. A security vulnerability exists in nothings stb version 2.27, which stems from a heap-based post-release reuse issue in the function stbijpeghuffdecode in the file stbimage.h. The vulnerability is caused by a heap-based post-release reuse iss...
aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28347 via django (>=2.2.0 <=2.2.27)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...
CVE-2020-26290
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library...
PT-2020-2006 · Php +7 · Php +7
Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.26 PHP versions 7.3.x through 7.3.13 PHP versions 7.4.x through 7.4.1 Description: The issue is related to the fgetss function in PHP, which can be exploited to read past the allocated buffer when used to read...
GNU C Library Arbitrary Code Execution Vulnerability
The GNU C Library a.k.a. glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in the stdlib/canonicalize.c file in GNU C Library version 2.27 and earlier. An attacker can exploit this vulnerability to execute arbitrary code...
DEBIAN-CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper...
GNU C Library 'glob' Function Buffer Overflow Vulnerability
The GNU C Library aka glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A buffer overflow vulnerability exists in the 'glob' function of the glob.c file in versions of the GNU C Library prior to 2.27. A remote attacker could exploit this vulnerability to...
GNU C Library Buffer Overflow Vulnerability
The GNU C Library a.k.a. glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A buffer overflow vulnerability exists in the 'glob' function of the glob.c file in versions of the GNU C Library prior to 2.27. A remote attacker could exploit this vulnerability to...