5 matches found
GHSA-HWR4-MQ23-WCV5 mercure has Topic Selector Cache Key Collision
Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...
PT-2025-54469
Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.22.0 Description RAGFlow is a Retrieval-Augmented Generation engine. Versions prior to 0.22.0 utilize an insecure key generation algorithm when creating API keys and beta tokens assistant/agent share auth. This allo...
SUSE CVE-2024-24819
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the isDockerInstalled function, due to attempting to execute input. PoC: java public static void poc Path path = Paths.get"whoami"; DockerClient.isDockerInstalledpath; Remediation Upgrade...
PT-2022-11685 · Opensc +2 · Opensc +2
Name of the Vulnerable Software and Affected Versions: Opensc versions prior to 0.22.0 Description: A heap use after free issue was found in the sc file valid function. This issue can potentially be exploited, but no specific details about the estimated number of affected devices or real-world...