32 matches found

Positive Technologies
added 2026/04/28 12:0 a.m., 4 views

PT-2026-35715

Name of the Vulnerable Software and Affected Versions: Minerva version 3.6.0. Description: An insecure direct object reference (IDOR) issue exists in the '/minerva/moUser/show/' endpoint. An authenticated user can access data of other registered users and obtain a user list by modifying the ID variabl...

8.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 12:30 p.m., 5 views

CVE-2023-40787

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...

9.8 CVSS, 7.3 AI score, 0.01269 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-2221

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.01269 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-32566

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.0024 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/07/08 12:0 a.m., 1 view

Realtek AP-Router SDK Security Vulnerability

Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor (Realtek), a Chinese company. A security vulnerability exists in the Realtek AP-Router SDK that stems from a stack-based buffer overflow vulnerability in the boa formRoute feature, which can lead to remote...

7.2 CVSS, 8.3 AI score, 0.04141 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/07/08 12:0 a.m., 1 view

Realtek AP-Router SDK Input Validation Error Vulnerability

The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor (Realtek) of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...

7.2 CVSS, 7.9 AI score, 0.00274 EPSS
Exploits: 1, References: 2
NVD
added 2024/02/13 1:15 a.m., 8 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions...

7.5 CVSS, 6.7 AI score, 0.00173 EPSS
Exploits: 0, References: 1
OSV
added 2024/02/13 1:15 a.m., 3 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions...

7.5 CVSS, 7 AI score
Exploits: 0, References: 1
Prion
added 2024/02/13 1:15 a.m., 11 views

Cross site request forgery (csrf)

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions...

7.4 AI score, 0.00173 EPSS
Exploits: 0, References: 1
CVE
added 2024/02/13 12:0 a.m., 73 views

CVE-2024-25407

CVE-2024-25407 affects SteVe v3.6.0. The issue is that StartTransaction requests use predictable transaction IDs, enabling an attacker to terminate other transactions and cause a DoS. The CVE records consistently describe this vulnerability and note a PoC in one data source; no concrete remediati...

7.5 CVSS, 7 AI score, 0.00173 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/02/13 12:0 a.m., 11 views

CVE-2024-25407

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions...

6.9 AI score, 0.00173 EPSS
Exploits: 0, References: 1
CVE
added 2023/09/18 12:0 a.m., 37 views

CVE-2023-40788

SpringBlade 3.6.0 to remediate.

5.3 CVSS, 5.1 AI score, 0.00072 EPSS
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2023/08/29 3:31 p.m., 26 views

SpringBlade vulnerable to SQL injection

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...

9.8 CVSS, 7.9 AI score, 0.01269 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2023/08/29 1:15 p.m., 8 views

CVE-2023-40787

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...

9.8 CVSS, 9.8 AI score, 0.01269 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2023/08/29 12:0 a.m., 14 views

CVE-2023-40787

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...

7.6 AI score, 0.01269 EPSS
Exploits: 0, References: 2
Cvelist
added 2023/08/29 12:0 a.m., 17 views

CVE-2023-40787

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...

10 AI score, 0.01269 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2023/05/05 12:0 a.m., 10 views

Fedora 38 : libheif (2023-fd63c401df)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-fd63c401df advisory. Fixes an incompatibility with AOM v3.6.0 and includes a couple of smaller fixes. Also fixes a stack overflow with some crafted images. Tenable has extracted...

5.6 AI score
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 3:47 a.m., 1 view

SUSE CVE-2021-4184

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file...

4.3 CVSS, 7.2 AI score, 0.00324 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2022/11/04 12:0 a.m., 51 views

Amazon Linux 2022 : bsdcat, bsdcpio, bsdtar (ALAS2022-2022-201)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-201 advisory. An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with...

7.8 CVSS, 6.8 AI score, 0.00192 EPSS
Exploits: 1, References: 7
Tenable Nessus
added 2022/09/06 12:0 a.m., 16 views

Amazon Linux 2022 : bsdcat, bsdcpio, bsdtar (ALAS2022-2022-103)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-103 advisory. An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with...

6.5 CVSS, 6.4 AI score, 0.00122 EPSS
Exploits: 1, References: 3