1738 matches found
CVE-2022-47925
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected b...
CVE-2022-23624
Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use frourio-express versions prior to v0.26.0 and integrate with class-validator through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request...
CVE-2024-46984
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Hibernate Validator
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Hibernate Validator. Vulnerability Details: CVEID: CVE-2023-1932. DESCRIPTION: Hibernate Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
Signature Bypass
github.com/dexidp/dex is vulnerable to Signature Bypass. The vulnerability is due to issues with XML encoding in the underlying Go library by using the xml-roundtrip-validator from Mattermost, which allows an attacker to bypass the signature verification process in SAML assertions...
DEBIAN-CVE-2024-57929
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end. When dm_bm_read_lock fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller ...
OESA-2025-1067 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for...
FORT Validator security vulnerability
FORT Validator is an open source RPKI relying party and RTR server from NICMx. A security vulnerability exists in FORT Validator versions 1.6.3 and 1.6.4, which stems from an integer underflow issue...
MAL-2024-11986 Malicious code in github-webhook-ip-validator (npm)
Source: ghsa-malware f79e9ee6cff5a23b100ddebd86bfed06e6f9f7c3179df1ff6f0667b0a833ffef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Oracle Linux 9 : unbound:1.16.2 (ELSA-2024-11232)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-11232 advisory. - Fix unbounded name compression could lead to Denial of Service CVE-2024-8508 - Ensure group access correction reaches also updated configs CVE-2024-1488 -...
unbound:1.16.2 security update
1.16.2-8.1 - Fix unbounded name compression could lead to Denial of Service CVE-2024-8508 1.16.2-8 - Ensure group access correction reaches also updated configs CVE-2024-1488 1.16.2-7 - Ensure only unbound group can change configuration CVE-2024-1488 1.16.2-6 - Fix KeyTrap - Extreme CPU consumpti...
FORT Validator security vulnerability
FORT Validator is an open source RPKI relying party and RTR server from NICMx. A security vulnerability exists in FORT Validator versions 1.6.4 through 2.0.0 that stems from an integrity validation issue...
FORT Validator security vulnerability
FORT Validator is an open source RPKI relying party and RTR server from NICMx. A security vulnerability exists in FORT Validator version 1.6.4 and earlier, which stems from a validation integrity issue that could lead to incomplete routing origin validation data...
A vulnerability in the NICMx FORT Validator is caused by a stack-based buffer overflow and allows an attacker to execute arbitrary code.
A vulnerability in the NICMx FORT Validator is caused by a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Malicious code in dep-validator-cli (npm)
Source: ghsa-malware af93a927101a23e38ce34664c1c85dc8651f0e3a5a066ec9a110caabe4cadcbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10960 Malicious code in dep-validator-cli (npm)
Source: ghsa-malware af93a927101a23e38ce34664c1c85dc8651f0e3a5a066ec9a110caabe4cadcbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-11463
The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2024-11463
CVE-2024-11463 affects the DeBounce Email Validator WordPress plugin (all versions up to 5.6.5). It enables Reflected Cross-Site Scripting via from, to, and key parameters, allowing unauthenticated attackers to inject scripts in pages/actions triggered by user interaction. The vulnerability is do...
CVE-2024-11463 DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting
The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...