24 matches found
CVE-2026-56091 Apache Shiro: Authentication bypass in Guice-Web integration
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...
BIT-GDAL-2026-8213 OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow
A vulnerability has been found in OSGeo gdal up to 3.13.0. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has be...
CVE-2026-8213
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...
OESA-2026-2151 libXpm security update
X.Org X11 libXpm runtime library Security Fixes: A vulnerability was found in X.org libXpm up to 3.5.4. It has been classified as problematic.CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer.This is going to have an impa...
EUVD-2026-22227
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...
PT-2026-22021
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. A previous fix for a heap-use-after-free issue was incomplete. The vulnerable code exists in the SDL2 implementation, where a pointer...
CVE-2026-25738
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...
CVE-2026-22922
CVE-2026-22922 affects Apache Airflow versions 3.1.0–3.1.6, where an authorization flaw could allow an authenticated user with custom permissions limited to task access to view task logs without task-log access. The issue has been fixed in Airflow 3.1.7 and later. Practical impact is limited to l...
CVE-2025-14607
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...
PT-2025-38753
Name of the Vulnerable Software and Affected Versions versions prior to 3.2 Description A timing attack issue exists in the SCRAM Java implementation due to the use of Arrays.equals for comparing sensitive values like client proofs and server signatures. Arrays.equals performs a short-circuit...
AZL-43372 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
PT-2023-26182 · Opendds · Opendds
Name of the Vulnerable Software and Affected Versions: OpenDDS versions prior to 3.25 Description: OpenDDS is an open source C++ implementation of the Object Management Group OMG Data Distribution Service DDS. It crashes while parsing a malformed PID PROPERTY LIST in a DATA submessage during...
PT-2023-24680 · Zxcvbn-Ts · Zxcvbn-Ts
Name of the Vulnerable Software and Affected Versions: zxcvbn-ts versions prior to 3.0.2 Description: This issue affects users running on the NodeJS platform who are using the second argument of the zxcvbn function. It can result in unbounded resource consumption as the user inputs array is...
PT-2023-17043 · Unknown · Mobilmen Terminal
Name of the Vulnerable Software and Affected Versions: Mobilmen Terminal Software versions prior to 3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2023-20452
Name of the Vulnerable Software and Affected Versions Saleor versions prior to 3.1.48 Saleor versions prior to 3.7.59 Saleor versions prior to 3.8.0 Saleor versions prior to 3.9.27 Saleor versions prior to 3.10.14 Saleor versions prior to 3.11.12 Description Some internal Python exceptions are no...
SUSE CVE-2021-21330
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...
PT-2023-12824
Name of the Vulnerable Software and Affected Versions simple-git versions prior to 3.16.0 Description The issue is related to Remote Code Execution RCE due to improper input sanitization in the clone, pull, push, and listRemote methods. This vulnerability exists because of an incomplete fix of a...
PT-2022-8296 · Github · Hide Files On Github
Name of the Vulnerable Software and Affected Versions: Hide Files on GitHub versions up to 2.x Description: A problematic issue has been found in Hide Files on GitHub, affecting the function addEventListener of the file extension/options.js. This issue leads to cross-site scripting and can be...
CVE-2022-3333
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...