11 matches found
PT-2026-54772
Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the POST /upi/v1/upNodesLinks handler, which processes attacker-controlled JSON input without authentication or authorization checks. An attacker can terminate the entire process by submitting a crafted...
Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).
Summary IBM Event Processing is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...
Linux Distros Unpatched Vulnerability : CVE-2022-23517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient...
PT-2025-32372 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.4.4 Description: OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the listCount function within the DocStoreDAO interface. The entityType...
PT-2024-21806 · Zero G · Go-Zero
Name of the Vulnerable Software and Affected Versions: go-zero versions prior to 1.4.4 Description: The issue concerns the CORS Filter feature in go-zero, which allows users to specify an array of domains allowed in the CORS policy. However, the isOriginAllowed function uses strings.HasSuffix to...
Out-of-Bounds
Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects in...
Out-of-Bounds
Overview Microsoft.ChakraCore.vc140 is a core part of the Chakra JavaScript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects ...
Out-of-Bounds
Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects in...
PT-2017-5778 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.4 Description: A cross-site scripting XSS issue exists in the search auto-completion functionality, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
PT-2012-3898 · Catalyst It · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 1.4.x through 1.4.3 Mahara versions 1.5.x through 1.5.2 Description: The issue allows remote attackers to read arbitrary files or create TCP connections via an XML external entity XXE injection attack. This can be demonstrated...