Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

CVE-2025-14942 Authentication Bypass

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

wolfSSH 安全漏洞

wolfSSH is a small, fast, and portable SSH implementation of wolfSSL open source, including support for SCP and SFTP. A security vulnerability exists in wolfSSH 1.4.21 and earlier versions, which stems from a key exchange state machine that can be manipulated, potentially leading to the disclosur...

EUVD-2024-1257

Malicious code in bioql PyPI...

CVE-2024-32005

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

GHSA-HFQ9-HGGM-C56Q XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. Patches XStream 1.4.21 detects the manipulation ...

PT-2024-25186 · Unknown · Webbax Supernewsletter

Name of the Vulnerable Software and Affected Versions: Webbax supernewsletter versions 1.4.21 and earlier Description: The issue allows a remote attacker to escalate privileges via the Super Newsletter module in the product search.php component. Recommendations: For versions 1.4.21 and earlier,...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, SMS alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop Webbax v.1.4.21 and earlier versions, which originates from a vulnerabili...

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVE-2024-32005

CVE-2024-32005 : Local File Inclusion in NiceGUI’s leaflet component allows reading any backend file accessible to the web server via requests to /_nicegui/{version }/resources/{key}/{path:path}. Affected upstream: NiceGUI before 1.4.21. Impact: arbitrary file read on the server. Remediation: upg...

CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

PT-2024-24354 · Nicegui · Nicegui

Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 1.4.21 Description: A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the / nicegui/ version /resources/key/path:path route. As a result, any file on the backend...

SUSE CVE-2011-2753

Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving 1 the empty trash implementation and 2 the Index Order aka optionsorder page, a different issue than...

kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions...

Coppermine Photo Gallery <= 1.4.21 'css' Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34782/info Coppermine Photo Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...

SquirrelMail: Prone to clickjacking attacks

functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

SquirrelMail: CRLF injection vulnerability

CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n newline character, a different vulnerability than CVE-2010-4555...