Lucene search

20 matches found

Amazon
added 2026/04/01 12:0 a.m. · 3 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out-of-bounds write of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fi...

CVSS 7.5 · AI score 5.9 · EPSS 0.0002
Exploits: 0

RedhatCVE
added 2026/01/09 9:27 a.m. · 6 views

CVE-2023-45147

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...

CVSS 4.9 · AI score 6.8 · EPSS 0.00223
Exploits: 0 · References: 1

Tenable Nessus
added 2025/06/09 12:0 a.m. · 5 views

NewStart CGSL MAIN 7.02 : python-urllib3 Vulnerability (NS-SA-2025-0073)

The remote NewStart CGSL host, running version MAIN 7.02, has python-urllib3 packages installed that are affected by a vulnerability: - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to t...

CVSS 6.5 · AI score 6.7 · EPSS 0.00222
Exploits: 1 · References: 3

Positive Technologies
added 2025/05/23 12:0 a.m. · 3 views

PT-2025-22780 · Woocommerce · Storekeeper For Woocommerce

Name of the Vulnerable Software and Affected Versions: StoreKeeper for WooCommerce versions through 14.4.4 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and...

CVSS 10 · AI score 9.5 · EPSS 0.00414
Exploits: 0 · References: 3

Positive Technologies
added 2025/05/07 12:0 a.m. · 2 views

PT-2025-20165 · Yaysmtp · Yaysmtp

Name of the Vulnerable Software and Affected Versions: YaySMTP versions n/a through 2.6.4 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind SQL Injection, which can be exploited...

CVSS 7.6 · AI score 8 · EPSS 0.00213
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/06 1:0 a.m. · 9 views

CVE-2022-21649

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this...

CVSS 7.6 · AI score 6 · EPSS 0.00469
Exploits: 1 · References: 1

OpenVAS
added 2025/01/03 12:0 a.m. · 12 views

Mozilla Firefox ESR Security Update (MFSA2024-40) - Mac OS X

Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVSS 9.8 · AI score 8.1 · EPSS 0.00797
Exploits: 0 · References: 1

OSV
added 2024/12/20 8:24 p.m. · 4 views

CVE-2024-56357 Cross-site Scripting vulnerability through custom widget URLs and form redirect URLs in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript: scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1...

CVSS 8.1 · AI score 6.7 · EPSS 0.00711
Exploits: 0 · References: 4

CVE
added 2024/10/09 6:19 p.m. · 41 views

CVE-2024-47816

CVE-2024-47816 affects the ImportDump MediaWiki extension. The root issue is that a user’s local actor ID is stored in the database, enabling a user on a different wiki with the same actor ID to impersonate the original requester. This can be abused to create new comments, edit the request, and v...

CVSS 6.4 · AI score 6.3 · EPSS 0.00144
Exploits: 0 · References: 4

Vulnrichment
added 2023/11/07 7:10 p.m. · 21 views

CVE-2023-46243 Code execution via the edit action in XWiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user has edit right on it. A crafted URL of the form...

CVSS 9.9 · AI score 7.4 · EPSS 0.07479
Exploits: 0 · References: 3

Positive Technologies
added 2023/09/04 12:0 a.m. · 3 views

PT-2023-8455 · FFmpeg · Ffmpeg

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to 6.1 Description: The issue is related to an integer overflow vulnerability in the jpegxl_anim_read_packet function of the JPEG XL Animation decoder in the FFmpeg multimedia library. This vulnerability can be exploited...

CVSS 9.8 · AI score 9.5 · EPSS 0.02806
Exploits: 0 · References: 22

CVE
added 2022/11/15 12:0 a.m. · 71 views

CVE-2022-41918

OpenSearch has a vulnerability where fine-grained access controls (document-level security, field-level security, and field masking) are not correctly applied to the indices backing data streams, potentially allowing incorrect access authorization. The issue affects OpenSearch prior to the patche...

CVSS 6.3 · AI score 6.3 · EPSS 0.002
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/09/20 8:35 a.m. · 156 views

CVE-2022-34917

Apache Kafka (CVE-2022-34917) is vulnerable to denial of service due to a memory allocation issue on brokers triggered by malicious unauthenticated clients. Affected releases start from 2.8.0 onward, with scenarios including clusters without authentication, with SASL, or with TLS (TLS requires su...

CVSS 7.5 · AI score 7.3 · EPSS 0.00078
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2022/02/09 9:15 p.m. · 15 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and...

CVSS 4 · AI score 6.3 · EPSS 0.00066
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2022/01/04 8:40 p.m. · 59 views

CVE-2022-21650

CVE-2022-21650 describes a stored XSS in Convos, caused by filtering bypass for file uploads: an SVG file uploaded with an .html extension bypasses the upload filter, allowing stored XSS that triggers when a user views the file. The vulnerability affects the Convos web-based chat application and ...

CVSS 7.6 · AI score 5.6 · EPSS 0.00228
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2021/10/11 8:10 a.m. · 73 views

CVE-2021-41832

CVE-2021-41832 concerns Apache OpenOffice data forgery via signature manipulation. The issue allows an attacker to cause a document to appear signed by a trusted source, affecting all OpenOffice versions up to 4.1.10. The advised remediation is to upgrade to OpenOffice 4.1.11. While several relat...

CVSS 7.5 · AI score 6.6 · EPSS 0.00794
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/03/25 12:0 a.m. · 1 views

PT-2021-20531 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: libtpms versions prior to 0.8.2 Description: A flaw in libtpms, specifically in its integration with OpenSSL, relates to the handling of the initialization vector (IV) when using certain symmetric ciphers. The issue causes the return of the...

CVSS 5.5 · AI score 5.4 · EPSS 0.00047
Exploits: 0 · References: 18

CISA
added 2012/01/06 12:0 a.m. · 13 views

Google Releases Chrome 16.0.912.75

Google has released Chrome 16.0.912.75 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

AI score 7.6
Exploits: 0 · References: 1

securityvulns
added 2010/12/12 12:0 a.m. · 69 views

[USN-1031-1] ClamAV vulnerabilities

=========================================================== Ubuntu Security Notice USN-1031-1 December 10, 2010 clamav vulnerabilities CVE-2010-4260, CVE-2010-4261, CVE-2010-4479 =========================================================== A security issue affects the following Ubuntu releases:...

CVSS 7.5 · AI score 0.7 · EPSS 0.13891
Exploits: 0

securityvulns
added 2001/03/30 12:0 a.m. · 25 views

Virus Buster 2001(ver8.02) Buffer Overflow

Hi, I found a vulnerability in the feature of virus scan for e-mail in Virus Buster 2001 program version 8.02 from Trend Micro Inc. Virus Buster 2001 is a Japanese software package that has similar functions of PC-cillin 2000 such as eMail Virus Scanning and Browser Scanningscanning web contents...

AI score 0.4
Exploits: 0