13 matches found
CVE-2026-21853
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
CVE-2026-21853
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
CVE-2026-21853
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...
AFFiNE.Pro 代码注入漏洞
AFFiNE.Pro is an open-source next-generation knowledge base developed by Toeverything. Versions of AFFiNE.Pro prior to 0.25.4 contained a code injection vulnerability. This vulnerability occurred due to specially crafted affine: URLs, which could lead to remote code execution with just one click...
PT-2026-22689
Name of the Vulnerable Software and Affected Versions AFFiNE versions prior to 0.25.4 Description AFFiNE is an open-source workspace and operating system. Versions prior to 0.25.4 contain a one-click remote code execution issue. An attacker can exploit this by embedding a specially crafted affine...
PT-2022-4899 · Unknown · Enlightenment
Name of the Vulnerable Software and Affected Versions: Enlightenment versions prior to 0.25.4 Description: The issue is related to the Enlightenment window manager's system file, specifically with the enlightenment sys component. It is setuid root and mishandles pathnames that begin with a /dev/...
Design/Logic Flaw
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. createcollation has a use-after-free...
Design/Logic Flaw
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. createwindowfunction has a use-after-free...
Design/Logic Flaw
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. createscalarfunction has a use-after-free...
Design/Logic Flaw
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. createaggregatefunction has a use-after-free...
Rust rusqlite crate 资源管理错误漏洞
Rust rusqlite crate is an ergonomic wrapper for using SQLite from Rust. it attempts to expose a rust-postgres-like interface. versions 0.25.x prior to 0.25.4 and 0.26.x prior to 0.26.2 of Rust rusqlite crate are vulnerable to security vulnerability, which stems from a resource management error in...
Fedora 11 : puppet-0.25.4-1.fc11 (2010-1079)
The update from 0.24.x to 0.25.x brings many, many changes and improvements to puppet. The upstream release notes cover them in detail: http://reductivelabs.com/trac/puppet/wiki/ReleaseNotes Of note is that 0.25.x clients do not work with 0.24.x masters, so it is important to update the master...