41 matches found
CVE-2026-8327
Concrete CMS versions below 9.5.0 are vulnerable to password change without reauthorization and a session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting, resulting in a password change without requiring the current...
BIT-LIBPYTHON-2026-3644 Incomplete control character validation in http.cookies
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...
PSF-2026-11
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...
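Both entries above make the same point: validating a Morsel only in `__setitem__` leaves `Morsel.update`, the `|=` operator and unpickling as unvalidated routes to the same storage. The added example below is not CPython code; it is a defence-in-depth check an application can apply on the consumer side, re-scanning the finished Morsel for control characters regardless of which mutation path filled it, so that a CRLF in an attribute cannot reach a Set-Cookie header. The helper names, the sample session value and the CRLF payload are constructed for the demo; which paths CPython itself rejects depends on the interpreter version, which is why the classifier treats "library raised" and "our re-scan caught it" as both acceptable.

```python
"""Path-independent control-character check for http.cookies.Morsel.

Added example (not CPython code). The library's validation lives in
Morsel.__setitem__; update(), |= (dict.__ior__) and unpickling can skip it.
Instead of trusting the mutation path, re-scan the Morsel before emitting it.
"""
from __future__ import annotations

import re
from http.cookies import CookieError, Morsel, SimpleCookie

# Bytes that can start a new header line or truncate the cookie: 0x00-0x1F, 0x7F.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def has_control_chars(text: str) -> bool:
    return bool(_CTRL.search(text))


def morsel_is_clean(m: Morsel) -> bool:
    """True only if key, value, coded_value and every attribute are control-free."""
    fields = [m.key, m.value, m.coded_value, *m.values()]
    return not any(isinstance(f, str) and has_control_chars(f) for f in fields)


def mutate_and_check(m: Morsel, attr: str, value: str, via: str) -> str:
    """Set `attr` through the named path, then classify the outcome.

    'rejected_by_library' - the Morsel refused the value itself
    'flagged_by_check'    - stored, but the re-scan caught it
    'clean'               - stored and control-free
    """
    try:
        if via == "setitem":
            m[attr] = value                  # validated path in patched versions
        elif via == "update":
            m.update({attr: value})          # advisory: not validated
        elif via == "ior":
            m |= {attr: value}               # dict.__ior__, skips Morsel.__setitem__
        else:
            raise ValueError(f"unknown path {via!r}")
    except (CookieError, TypeError):         # TypeError: |= unsupported before 3.9
        return "rejected_by_library"
    return "clean" if morsel_is_clean(m) else "flagged_by_check"


def safe_header_lines(cookie: SimpleCookie) -> list[str]:
    """Render Set-Cookie lines, refusing any morsel that fails the re-scan."""
    lines = []
    for m in cookie.values():
        if not morsel_is_clean(m):
            raise CookieError(f"control character in cookie {m.key!r}")
        lines.append(m.OutputString())
    return lines


def _session_morsel() -> Morsel:
    m = Morsel()
    m.set("session", "abc123", "abc123")     # constructed sample cookie
    return m


def demo() -> dict:
    """Push a constructed CRLF payload through each path named in the advisory."""
    payload = "/\r\nSet-Cookie: admin=1"     # header-injection attempt (constructed)
    results = {}
    for via in ("setitem", "update", "ior"):
        results[via] = mutate_and_check(_session_morsel(), "path", payload, via)
    results["benign"] = mutate_and_check(_session_morsel(), "path", "/app", "update")
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path:8} -> {outcome}")
```

The same re-scan should run on anything that reaches `js_output()` as well, since the advisory notes that method lacked the output validation; `safe_header_lines` shows the pattern for the `output()` side.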
CVE-2026-2850
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...
PT-2025-9063 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin for WordPress versions prior to 2.4.2
Description: The issue arises from insufficient input validation in the update method of the Members class, allowing authenticated attackers with subscriber-level privileges or higher ...
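The Concrete CMS entry (CVE-2026-8327) and the wpForo entry above describe the same mass-assignment pattern: a profile or member edit handler hands the whole request body to a generic update method, so a field the form never exposed (a password, a role) can be set by any user who can submit the form. The added example below is not code from either project. It models a vulnerable handler beside a hardened one that allow-lists fields per caller and makes a password change re-prove the current password, which is the "reauthorization" the Concrete CMS entry says is missing. The `UserInfo` class, its field names, the PBKDF2 hashing and the request bodies are assumptions constructed for illustration.

```python
"""Mass assignment: raw POST into update() versus an allow-listed update.

Added example, not Concrete CMS or wpForo code. UserInfo, its fields and
the request dicts are assumed shapes for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes | None = None) -> str:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def _verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), 100_000)
    return hmac.compare_digest(candidate.hex(), digest_hex)


class UserInfo:
    """Minimal stand-in for a CMS user record (assumed shape)."""

    def __init__(self, username: str, password: str, role: str = "subscriber"):
        self.fields = {"username": username, "display_name": username,
                       "email": "", "role": role,
                       "password_hash": _hash_password(password)}

    def update(self, data: dict) -> None:
        """Generic updater with no allow-list: every known key is writable."""
        for key, value in data.items():
            if key == "password":
                self.fields["password_hash"] = _hash_password(value)
            elif key in self.fields:
                self.fields[key] = value


def edit_profile_vulnerable(user: UserInfo, post: dict) -> None:
    """The pattern in the advisories: the entire raw POST body goes to update()."""
    user.update(post)


PROFILE_FIELDS = frozenset({"display_name", "email"})   # what the profile form may change


class ProfileError(Exception):
    pass


def edit_profile_hardened(user: UserInfo, post: dict) -> None:
    """Allow-list fields for this caller and require the current password
    before replacing it. Unexpected keys are rejected rather than silently
    dropped so tampering is visible in logs."""
    unexpected = set(post) - PROFILE_FIELDS - {"password", "current_password"}
    if unexpected:
        raise ProfileError(f"unexpected fields: {sorted(unexpected)}")
    safe = {k: post[k] for k in PROFILE_FIELDS if k in post}
    if "password" in post:
        if not _verify_password(post.get("current_password", ""), user.fields["password_hash"]):
            raise ProfileError("current password required to change password")
        safe["password"] = post["password"]
    user.update(safe)          # only allow-listed keys ever reach the sink


def demo() -> dict:
    """Constructed bodies: a subscriber smuggling role/password, then a
    legitimate password change that supplies the current password."""
    hostile = {"display_name": "Bob", "role": "administrator", "password": "pwned"}
    legit = {"display_name": "Bob", "password": "new-secret",
             "current_password": "correct horse"}
    out = {}

    victim = UserInfo("bob", "correct horse")
    edit_profile_vulnerable(victim, hostile)
    out["vuln_role"] = victim.fields["role"]
    out["vuln_pw_replaced"] = _verify_password("pwned", victim.fields["password_hash"])

    victim = UserInfo("bob", "correct horse")
    try:
        edit_profile_hardened(victim, hostile)
        out["hard_blocked"] = False
    except ProfileError:
        out["hard_blocked"] = True
    out["hard_role"] = victim.fields["role"]
    out["hard_pw_intact"] = _verify_password("correct horse", victim.fields["password_hash"])

    edit_profile_hardened(victim, legit)
    out["legit_pw_changed"] = _verify_password("new-secret", victim.fields["password_hash"])
    out["legit_name"] = victim.fields["display_name"]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

A role change would get its own allow-list and caller (an admin endpoint), never the profile form's; the point is that the allow-list is decided by the endpoint, not by the keys the client chose to send.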
PT-2024-32287 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions 6.12.0 through 6.7.8 and before
Description: The issue allows attackers to abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose, leading to a message forgery and impersonatio...
PT-2024-9471 · Veeam · Veeam Backup & Replication
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication, affected versions not specified
Description: A vulnerability in the Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration...
Hotfix update for Exchange Server 2019 and 2016: April 23, 2024 (KB5037224)
Hotfix update for Exchange Server 2019 and 2016: April 23, 2024 KB5037224 Hotfix update for Microsoft Exchange Server 2019 and 2016 was released on April 23, 2024. It includes fixes for non-security issues and introduces new features. These fixes and features will also be included in later...
Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 (KB5030877)
Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 KB5030877 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):...
M-06 Unmitigated
Lines of code
Vulnerability details
Original Issue: code-423n4/2023-06-angle-findings13
Details: This issue shows users may lose a portion of yield when protocolSafetyFee and vestingPeriod are changed. As mitigation, it recommends accruing interest before those parameters are changed. Mitigation P...
ROS-2-2174
2.2174 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool is related to improper input validation when processing rule configuration (.cf) files. Exploitation of the vulnerability could...
Medium: bash
Issue Overview: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. This issue may lead to memory problems. CVE-2022-3715 Affected Packages: bash Issue Correction: Run dnf update bash --releasever 2023.0.20230322 or dnf update --advisory...
K99038439: NodeJS vulnerability CVE-2012-2330
Security Advisory Description The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero...
Description of the security update for Office Web Apps Server 2013: November 8, 2022 (KB5002261)
Description of the security update for Office Web Apps Server 2013: November 8, 2022 KB5002261 Summary This security update resolves a Microsoft Word information disclosure vulnerability, Microsoft Word remote code execution vulnerability, and Microsoft Excel remote code execution vulnerability. ...
CVE-2022-36101 Sensitive data in backend customer module
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update an...
H3C GR-1200W buffer error vulnerability
The H3C GR-1200W is a Gigabit enterprise wireless router from China's New H3C (H3C). A security vulnerability exists in the H3C GR-1200W MiniGRW1A0V100R006 version that stems from a stack overflow in the UpdateWanLinkspyMulti method...
Security update for containerd (moderate)
openSUSE Security Update: Security update for containerd
Announcement ID: openSUSE-SU-2021:2412-1
Rating: moderate
References: 1188282
Cross-References: CVE-2021-32760
CVSS scores: CVE-2021-32760 SUSE: 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L
Affected Products: openSUSE Leap 15.3
An update...
Description of the security update for Office 2013: April 14, 2020
Description of the security update for Office 2013: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists if Microsoft Office incorrectly loads arbitrary type libraries. To learn more about the vulnerability, see Microsoft Common Vulnerabilities an...
Servicing stack update for Windows 10, version 1903 and 1909: January 14, 2020
Servicing stack update for Windows 10, version 1903 and 1909: January 14, 2020 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSUs) make sure that you have a robust and reliable servicing stack so...
grub2 security update
2.02-78.0.2 - grub-set-bootflag: fix grubenv update method, fix CVE-2019-14865 Orabug: 30607067...