42 matches found
SUSE CVE-2017-18906
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account...
CVE-2026-22709
CVE-2026-22709 affects the vm2 Node.js sandbox module prior to 3.10.2. The vulnerability arises because Promise.prototype.then/catch sanitization is incomplete: the globalPromise path isn’t sanitized in lib/setup-sandbox.js, allowing an attacker to escape the sandbox and execute arbitrary code. U...
PT-2026-4821
Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.10.2 Description: vm2 is a Node.js library used to create sandboxed environments for executing untrusted code. A flaw exists in versions prior to 3.10.2 where the sanitization of Promise.prototype.then and...
EUVD-2024-2609
Malicious code in bioql PyPI...
CVE-2025-49034 WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.10.2...
CVE-2024-3287
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...
CVE-2025-2203
The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2025-32776
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
DEBIAN-CVE-2025-32776
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
CVE-2025-32776
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
UBUNTU-CVE-2025-32776
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
CVE-2025-32776 OpenRazer Vulnerable to Out of Bounds Read
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
CVE-2025-32776
OpenRazer is affected by CVE-2025-32776 where writing specially crafted data to /matrix_custom_frame can cause the kernel driver to read more bytes than provided by userspace, with the extra data ending up in RGB arguments sent to the USB device. This is an out-of-bounds read in the OpenRazer dri...
PT-2025-15282 · Gdal +1
Name of the Vulnerable Software and Affected Versions: gdal version 3.10.2 Description: The issue is a Buffer Overflow vulnerability that allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. Recommendations: For gdal version 3.10.2, as a temporary...
GDAL security vulnerability
GDAL is an open source geospatial data abstraction library from GDAL Open Source. A security vulnerability exists in GDAL version 3.10.2, which originates from a denial of service that can be exploited by a local attacker to cause a buffer overflow via the OGRSpatialReference::Release function...
WordPress plugin Posti Shipping security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
OESA-2024-2254 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root...
SUSE CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
aiohttp < 3.10.2 Path Traversal Vulnerability - Windows
aiohttp is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...
AZL-47754 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...