ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42581 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42581 Source advisory: SNYK:JAVA-IONETTY-16438934...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2758 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...

strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets

Xu Biang reports: The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash and, depending on the compiler options, even a heap-based buffer overflow that's potentially exploitable...

DEBIAN-CVE-2025-5601

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file...

CVE-2023-47380

Admidio v4.2.12 and below is vulnerable to Cross Site Scripting XSS...

Cisco Finesse 跨站脚本漏洞

Cisco Finesse is a suite of call center management software from Cisco. A security vulnerability exists in Upstream Works for Cisco Finesse version 4.2.12 and earlier, and version 5.x prior to 5.3, which stems from the presence of a stored cross-site scripting XSS vulnerability...

SUSE CVE-2015-6506

Cross-site scripting XSS vulnerability in the cryptography interface in Request Tracker RT before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

Sensio Labs Symfony Code Execution Vulnerability

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A code execution vulnerability exists in Sensio Labs Symfo...

phpMyAdmin Multiple Vulnerabilities (PMASA-2014-15, PMASA-2014-16) - Windows

phpMyAdmin is prone to multiple cross-site scripting XSS and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

phpMyAdmin Multiple Vulnerabilities (PMASA-2014-13, PMASA-2014-14) - Windows

phpMyAdmin is prone to multiple cross-site scripting XSS and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Request Tracker (RT) 4.x < 4.2.12 Multiple XSS Vulnerabilities

Request Tracker RT is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Request Tracker Cross-Site Scripting Vulnerability (CNVD-2015-05859)

Request Tracker is Request Tracker issue tracking system for bug tracking, customer service, workflow processing, change management, web operations, youth counseling and more. A cross-site scripting vulnerability exists in versions of Request Tracker prior to 4.2.12, which allows remote attackers...

DEBIAN-CVE-2015-6506

Cross-site scripting XSS vulnerability in the cryptography interface in Request Tracker RT before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...

DEBIAN-CVE-2015-5475

Multiple cross-site scripting XSS vulnerabilities in Request Tracker RT 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the 1 user and 2 group rights management pages...

Bugzilla < 4.0.16 / 4.1.1 < 4.2.12 / 4.3 < 4.4.7 / 4.5 < 4.5.6 Command Injection

Binary data 8913.prm...

[ MDVSA-2014:228 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:228 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : November 26, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)

Multiple vulnerabilities has been discovered and corrected in phpmyadmin : - Multiple XSS vulnerabilities CVE-2014-8958. - Local file inclusion vulnerability CVE-2014-8959. - XSS vulnerability in error reporting functionality CVE-2014-8960. - Leakage of line count of an arbitrary file...

Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability

No description provided by source. sitellitehttp://www.sitelliteforge.com/index/siteforge-download-action/proj.sitellite?dl=sitellite-4.2.12-stable.tar.gz v 4.2.12 DORK : powered by Sitellite FOUND BY : o0xxdark0o o0xxdark0oatmsn.com Website: http://www.sitellite.org/ DOWNLOAD :...

WordPress Plugin CiviCRM '_value' Parameter SQL Injection Vulnerability

CiviCRM is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...