10 matches found
Incorrect Authorization
Overview org.apache.polaris:polaris-runtime-service is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the HTTP request handling process. An attacker can execute unauthorized actions by sending crafted cross-site POST requests with a CORS-safelisted Content-Type, bypassing origin and content-type...
Improper Neutralization of Equivalent Special Elements
Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in the htmlEscaped function. An attacker can inject malicious HTML or JavaScript...
Fedora 42 : checkpointctl (2025-909f303a85)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-909f303a85 advisory. Update checkpointctl to 1.4.1 CVE-2025-47906 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
PT-2025-47881
A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time entry.description leads to cross site scripting. The attack is possible to be carried out...
DoS vulnerability on `alloy_dyn_abi::TypedData` hashing
An uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially...
WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Transcoder versions = 1.4.0...
PT-2024-39109 · Unknown · Gouniverse Golang Cms
Name of the Vulnerable Software and Affected Versions: Gouniverse GoLang CMS version 1.4.0 Description: A vulnerability was found in Gouniverse GoLang CMS, affecting the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross-site...
PT-2024-19279 · Nextcloud · Nextcloud Global Site Selector
Name of the Vulnerable Software and Affected Versions: Nextcloud Global Site Selector versions prior to 1.4.1 Nextcloud Global Site Selector versions prior to 2.1.2 Nextcloud Global Site Selector versions prior to 2.3.4 Nextcloud Global Site Selector versions prior to 2.4.5 Description: The...
PT-2020-19361 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libIEC61850 versions prior to 1.4.1 Description: The issue arises from a heap-based buffer overflow in the MmsValue decodeMmsData function when parsing the MMS BIT STRING data type. This occurs in the mms/iso mms/server/mms access result.c fi...