13 matches found
EUVD-2025-11958
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-43966
libheif before 1.19.6 has a NULL pointer dereference in ImageItemiden in image-items/iden.cc...
CVE-2025-43966
libheif before 1.19.6 has a NULL pointer dereference in ImageItemiden in image-items/iden.cc...
libheif Code Issue Vulnerability
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. A code issue vulnerability exists in libheif versions prior to 1.19.6 that stems from a null pointer dereference in the ImageItemiden function in image-items/iden.cc...
WordPress Shipping for Nova Poshta plugin <= 1.19.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Shipping for Nova Poshta versions <= 1.19.6...
go-toolset:ol8 security and bug fix update
delve 1.9.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.9.1-1 - Rebase to 1.9.1 - Related: rhbz2131026 golang 1.19.6-1 - Rebase to Go 1.19.6 - Resolves: rhbz2174430 1.19.4-2 - Fix memory leaks in EVPsign,verifyraw - Resolves: rhbz2132767 go-toolset 1.19.6-1 - Rebase to Go...
AZL-13739 CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...
AZL-13737 CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
Hostname spoofing via backslashes in URL
Overview. Impact: urijs before version 1.19.6 is affected by a hostname spoofing issue. If using urijs to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character as part of the scheme delimiter, e.g. scheme:/\hostname. If the hostname is used in security decisions, th...
GHSA-P6J9-7XHC-RHWP URIjs Hostname spoofing via backslashes in URL
Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character as part of the scheme delimiter, e.g. scheme:/\hostname. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...
PT-2021-17489 · Uri.Js · Uri.Js
Name of the Vulnerable Software and Affected Versions: URI.js versions prior to 1.19.6 Description: The issue concerns the mishandling of backslash characters in certain URI schemes, such as http:/, which can lead to incorrect interpretation of the URI as a relative path. This can result in...
URI.js Security Vulnerability
Medialize URI.js is a JavaScript-based code library from the Medialize team that can be used to efficiently splice URLs. A security vulnerability exists in URI.js before 1.19.6 that stems from incorrect handling of certain uses of backslashes e.g., http: / and interpreting URIs as relative paths...
CVE-2013-2032
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks...