21 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-15506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file...
CVE-2024-34255
jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function...
CVE-2024-34255
CVE-2024-34255 affects jizhicms v2.5.1 with a Cross-Site Scripting (XSS) vulnerability in the message function. Root cause: input in the message functionality can be reflected/stored and executed in a victim’s browser. CVSSv3.1 base score 6.1 (MEDIUM) with Network attack, no privileges required, ...
CVE-2023-40922
Kerawen before v2.5.1 has a SQL injection via the ocs_id_cart parameter in KerawenDeliveryModuleFrontController::initContent(), affecting versions prior to 2.5.1. CVSS 3.1 base 9.8 (CRITICAL): No privileges, network vector, no user interaction; impacts confidentiality, integrity, and availability...
CVE-2022-44351
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php...
Deserialization of untrusted data
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php...
CVE-2022-34037
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an...
GHSA-M7GR-5W5G-36JF Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service
Withdrawn Advisory This advisory has been withdrawn because it is a bug, not a vulnerability. According to the maintainer, the bug only affects the client side of the request and cannot cause a denial of service on the server. Original Description An out-of-bounds read in the rewrite function at...
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service
Withdrawn Advisory This advisory has been withdrawn because it is a bug, not a vulnerability. According to the maintainer, the bug only affects the client side of the request and cannot cause a denial of service on the server. Original Description An out-of-bounds read in the rewrite function at...
Cross site scripting
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI...
CVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...
Security Bulletin: Upgrade to IBP v2.5.1 to address recent concerns/issues with Golang versions other than 1.14.12
Summary There were several security problems found with various/other releases of Golang. We have moved the Golang provided in IBP components and also the Golang used to compile Go-based components in IBP to version 1.14.12. Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could...
Fedora 27 : singularity (2018-02051f8300)
This rebases singularity from 2.2.1 to 2.5.1, which should include all corresponding updates n.b. a request for rebase permission has been put into FESCo; hence auto-push has been disabled until they approve. Please test for functionality and backward compatibility issues, particularly around the...
Cicada-known Enterprise Portal system v2.5.1 patch bypass to continue injection - vulnerability warning - the black bar safety net
/system/module/user/model.php public function update($account) { /* If the user want to change his password. */ if($this->post->password1 != false) { $this->checkPassword(); if(dao::isError()) return false; $password = $this->createPassword($this->post->password1, $account); $this->post->set('password', $password); } $user =...