9 matches found
EUVD-2025-210295
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...
GHSA-3CV2-H65G-FGMM astral-tokio-tar has a PAX Header Desynchronization issue
Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...
astral-tokio-tar is Vulnerable to PAX Header Desynchronization
Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...
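The two astral-tokio-tar entries above describe a differential between tar readers: a PAX extended header can carry a `size` record that overrides the ustar size field of the entry that follows it, and a reader that trusts one value while another reader trusts the other will disagree about where the next header starts. The following is an added illustration of that general mechanism, written in Python so it runs offline; it is not code from astral-tokio-tar and does not reproduce the specific bug fixed in 0.6.1/0.6.2. The archive bytes, file names and contents are constructed for the example.

```python
import io
import tarfile
from typing import Dict, List, Tuple

BLOCK = 512


def _blocks(size: int) -> int:
    """Bytes occupied by `size` bytes of content, rounded up to whole blocks."""
    return (size + BLOCK - 1) // BLOCK * BLOCK


def _pad(data: bytes) -> bytes:
    return data + b"\0" * (_blocks(len(data)) - len(data))


def _octal(value: int, width: int) -> bytes:
    return f"{value:0{width - 1}o}".encode() + b"\0"


def ustar_header(name: str, size: int, typeflag: bytes = b"0") -> bytes:
    """One ustar header block with a valid checksum (fields per POSIX ustar)."""
    hdr = bytearray(BLOCK)
    hdr[0:len(name)] = name.encode()
    hdr[100:108] = _octal(0o644, 8)      # mode
    hdr[108:116] = _octal(0, 8)          # uid
    hdr[116:124] = _octal(0, 8)          # gid
    hdr[124:136] = _octal(size, 12)      # size (the field PAX may override)
    hdr[136:148] = _octal(0, 12)         # mtime
    hdr[148:156] = b" " * 8              # checksum counts as spaces
    hdr[156:157] = typeflag
    hdr[257:263] = b"ustar\0"
    hdr[263:265] = b"00"
    hdr[148:156] = f"{sum(hdr):06o}".encode() + b"\0 "
    return bytes(hdr)


def pax_record(key: str, value: str) -> bytes:
    """'<len> <key>=<value>\\n' where <len> counts the whole record, itself included."""
    body = f" {key}={value}\n"
    length = len(body) + 1
    while len(str(length)) + len(body) != length:
        length = len(str(length)) + len(body)
    return f"{length}{body}".encode()


def build_archive() -> bytes:
    """Constructed archive: PAX says a.txt is 12 bytes, ustar says 1036 bytes."""
    pax_data = pax_record("size", "12")
    return b"".join([
        ustar_header("PaxHeaders/a.txt", len(pax_data), b"x"),
        _pad(pax_data),
        ustar_header("a.txt", 1036),        # conflicting ustar size
        _pad(b"hello world\n"),             # the 12 real bytes, padded to a block
        ustar_header("smuggled.txt", 7),    # lands inside a.txt for a ustar-only reader
        _pad(b"secret\n"),
        ustar_header("benign.txt", 0),      # both readers resynchronize here
        b"\0" * (2 * BLOCK),                # end-of-archive marker
    ])


def _parse_pax(data: bytes) -> Dict[str, str]:
    records: Dict[str, str] = {}
    pos = 0
    while pos < len(data):
        space = data.index(b" ", pos)
        length = int(data[pos:space])
        key, _, value = data[space + 1:pos + length - 1].decode().partition("=")
        records[key] = value
        pos += length
    return records


def walk(archive: bytes, honor_pax_size: bool) -> List[Tuple[str, bytes]]:
    """Minimal reader; honor_pax_size=False models a reader that trusts only ustar."""
    entries: List[Tuple[str, bytes]] = []
    pending: Dict[str, str] = {}
    offset = 0
    while offset + BLOCK <= len(archive):
        hdr = archive[offset:offset + BLOCK]
        if hdr == b"\0" * BLOCK:
            break
        name = hdr[0:100].split(b"\0", 1)[0].decode()
        size = int(hdr[124:136].split(b"\0", 1)[0] or b"0", 8)
        typeflag = hdr[156:157]
        offset += BLOCK
        if typeflag == b"x":                 # PAX extended header for the next entry
            pending = _parse_pax(archive[offset:offset + size])
            offset += _blocks(size)
            continue
        if honor_pax_size and "size" in pending:
            size = int(pending["size"])
        pending = {}
        entries.append((name, archive[offset:offset + size]))
        offset += _blocks(size)
    return entries


def stdlib_listing(archive: bytes) -> List[str]:
    """Python's tarfile honors the PAX size record, like most current readers."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tf:
        return tf.getnames()


def demo() -> Dict[str, List[str]]:
    archive = build_archive()
    return {
        "pax_aware": [n for n, _ in walk(archive, True)],
        "ustar_only": [n for n, _ in walk(archive, False)],
        "stdlib": stdlib_listing(archive),
    }


if __name__ == "__main__":
    for reader, names in demo().items():
        print(f"{reader}: {names}")
```

The PAX-aware reader lists `smuggled.txt`; the ustar-only reader never sees it, because those header bytes fall inside what it believes is the body of `a.txt`, and both readers agree again at `benign.txt`. A scanner and an extractor that sit on opposite sides of such a disagreement will inspect and write different files from the same archive.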
SQL Injection
Overview: doris-mcp-server is an enterprise-grade Model Context Protocol (MCP) server implementation for Apache Doris. Affected versions of this package are vulnerable to SQL Injection due to improper neutralization in the query context handling process. An attacker can execute unintended SQL...
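Both doris-mcp-server entries above (EUVD-2025-210295 and this one) describe the same two defects in a metadata lookup: a caller-supplied database name interpolated into SQL text, and a query run without the caller's authorization context. The following added example shows that pattern beside a hardened version; it is illustrative code, not doris-mcp-server's own. An in-memory sqlite3 table stands in for the Doris catalog (`information_schema.tables`), and the schema names, payload and authorization policy are constructed for the example.

```python
import re
import sqlite3
from typing import Dict, FrozenSet, List

# Constructed stand-in for the Doris metadata catalog; sqlite3 so it runs offline.
CATALOG_ROWS = [
    ("sales", "orders"),
    ("sales", "customers"),
    ("hr", "salaries"),
    ("hr", "reviews"),
]


def make_catalog() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tables (table_schema TEXT, table_name TEXT)")
    conn.executemany("INSERT INTO tables VALUES (?, ?)", CATALOG_ROWS)
    return conn


def list_tables_vulnerable(conn: sqlite3.Connection, db_name: str) -> List[str]:
    """The advisory's pattern: the database name is spliced into the SQL text
    and nothing checks who is asking."""
    sql = (
        "SELECT table_name FROM tables "
        f"WHERE table_schema = '{db_name}' ORDER BY table_name"
    )
    return [row[0] for row in conn.execute(sql)]


# Assumed identifier policy for this example (not Doris's own rule).
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def list_tables_hardened(
    conn: sqlite3.Connection, db_name: str, caller_databases: FrozenSet[str]
) -> List[str]:
    """Same lookup with the controls the vulnerable path lacks."""
    # 1. Validate the identifier's shape before it goes anywhere near SQL.
    if not IDENTIFIER.fullmatch(db_name):
        raise ValueError(f"invalid database name: {db_name!r}")
    # 2. Enforce the caller's authorization context inside the query path,
    #    so the MCP server is not a confused deputy for the database.
    if db_name not in caller_databases:
        raise PermissionError(f"caller not authorized for database {db_name!r}")
    # 3. Bind the value as a parameter: it is data, never SQL text.
    rows = conn.execute(
        "SELECT table_name FROM tables WHERE table_schema = ? ORDER BY table_name",
        (db_name,),
    )
    return [row[0] for row in rows]


def demo() -> Dict[str, object]:
    """Run both paths with a constructed injection string and a caller who is
    only authorized for the 'sales' database."""
    conn = make_catalog()
    payload = "sales' OR '1'='1"  # constructed: closes the quote, widens the WHERE
    caller_databases = frozenset({"sales"})
    results: Dict[str, object] = {
        "vulnerable_normal": list_tables_vulnerable(conn, "sales"),
        "vulnerable_injected": list_tables_vulnerable(conn, payload),
        "hardened_normal": list_tables_hardened(conn, "sales", caller_databases),
    }
    try:
        list_tables_hardened(conn, payload, caller_databases)
        results["hardened_injected"] = "accepted"
    except ValueError:
        results["hardened_injected"] = "rejected: invalid identifier"
    try:
        list_tables_hardened(conn, "hr", caller_databases)
        results["hardened_unauthorized"] = "accepted"
    except PermissionError:
        results["hardened_unauthorized"] = "rejected: not authorized"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The injected name turns the vulnerable query into `WHERE table_schema = 'sales' OR '1'='1'`, which returns every table in every schema; the hardened path rejects the same string on shape alone, and rejects a well-formed name the caller is not entitled to before the query runs.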
Access Control Bypass
Overview: docksible deploys and sets up Docker Compose based web apps with Ansible. Affected versions of this package are vulnerable to Access Control Bypass. This vulnerability allows attackers to exploit the /xmlrpc.php endpoint in WordPress, enabling brute force attacks, DDoS attacks, and...
Arbitrary Code Injection
Overview: torchgeo (TorchGeo) provides datasets, samplers, transforms, and pre-trained models for geospatial data. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...
PT-2024-28437 · Toy-Blog · Toy-Blog
Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.5.4 through 0.6.0 Description: The issue allows articles with private visibility to be read without proper credentials. This can lead to unauthorized access to sensitive information. Users are advised to upgrade to a newer...
PT-2023-11360 · Unknown · Simple-Markdown
Name of the Vulnerable Software and Affected Versions: simple-markdown version 0.6.0 Description: A problematic vulnerability was found in the simple-markdown software, affecting an unknown function of the file simple-markdown.js. The issue arises from inefficient regular expression complexity wh...
PT-2019-6839
Name of the Vulnerable Software and Affected Versions: haskell-tls-extra versions prior to 0.6.1 Description: The issue concerns a problem with certificate validation where the Basic Constraints attribute is not properly checked. This means any certificate is treated as a CA certificate, allowing a...
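The consequence of skipping the Basic Constraints check is that any end-entity certificate, whose private key its holder controls, can act as an issuer. The following added example shows a chain validator with and without that check; it is illustrative Python using the `cryptography` package (assumed to be installed), not code from haskell-tls-extra. The root, the `shop.example` leaf and the forged `bank.example` certificate are generated in memory for the example.

```python
import datetime
from typing import Dict, List

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _name(cn: str) -> x509.Name:
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject: str, issuer: str, key: ec.EllipticCurvePrivateKey,
              signer: ec.EllipticCurvePrivateKey, ca: bool) -> x509.Certificate:
    """Issue a certificate for `subject` signed by `signer`, with an explicit
    Basic Constraints extension saying whether the subject is a CA."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject))
        .issuer_name(_name(issuer))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
        .sign(signer, hashes.SHA256())
    )


def signed_by(cert: x509.Certificate, issuer: x509.Certificate) -> bool:
    """Cryptographic check only: does `issuer`'s key verify `cert`'s signature?"""
    try:
        issuer.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm),
        )
        return True
    except InvalidSignature:
        return False


def is_ca(cert: x509.Certificate) -> bool:
    """Basic Constraints must be present and assert cA=TRUE; absent means not a CA."""
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def validate_chain(chain: List[x509.Certificate], check_basic_constraints: bool) -> bool:
    """chain[0] is the leaf, chain[-1] the trust anchor.  check_basic_constraints=False
    models the flaw in the advisory: anything with a valid signature is an issuer."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or not signed_by(child, parent):
            return False
        if check_basic_constraints and not is_ca(parent):
            return False
    return True


def demo() -> Dict[str, bool]:
    root_key, shop_key, attacker_key = (
        ec.generate_private_key(ec.SECP256R1()) for _ in range(3)
    )
    root = make_cert("Example Root CA", "Example Root CA", root_key, root_key, ca=True)
    shop = make_cert("shop.example", "Example Root CA", shop_key, root_key, ca=False)
    # An attacker holding shop.example's key "issues" a certificate for bank.example.
    forged = make_cert("bank.example", "shop.example", attacker_key, shop_key, ca=False)
    return {
        "legit_without_check": validate_chain([shop, root], False),
        "legit_with_check": validate_chain([shop, root], True),
        "forged_without_check": validate_chain([forged, shop, root], False),
        "forged_with_check": validate_chain([forged, shop, root], True),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Every signature in the forged chain is genuine, so a validator that only follows signatures accepts `bank.example`; the Basic Constraints check rejects it because `shop.example` was never authorized to issue certificates. Name constraints, path length and key usage are further checks a complete validator applies, but they are outside what this entry describes.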