20 matches found
OPENSUSE-SU-2026:20579-1 Security update for gosec
This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: choredeps: bump google.golang.org/grpc from 1.75.0 to 1.79.3 1617 fix: allow barry action to access secrets on fork PRs 1616 fix: reduce G117 false positives for custom marshalers and transformed value...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the MAXDISKUSAGE or...
CVE-2026-25478
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...
CVE-2026-25479
Litestar is an ASGI framework. Prior to 2.20.0, litestar.middleware.allowed_hosts compiles allowlist entries into regex patterns in a way that lets regex metacharacters retain special meaning (e.g., . matches any character). This can enable a bypass where a host that matches the regex is not the ...
Litestar 安全漏洞
Litestar is a powerful, flexible, yet stubbornly opinionated ASGI framework developed by Litestar itself. Versions of Litestar prior to 2.20.0 contained security vulnerabilities, which stemmed from improper compilation of allowlist entries, potentially allowing bypasses of hostname verification...
PT-2026-4654
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path...
Linux Distros Unpatched Vulnerability : CVE-2023-29571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gcsweep at src/mjsgc.c. This vulnerability can lead to a Denial of Service DoS...
CVE-2021-46549
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parsecvaltype at src/mjsffi.c. This vulnerability can lead to a Denial of Service DoS...
CVE-2021-37453
Cross Site Scripting XSS exists in NCH Axon PBX v2.22 and earlier via the extension name stored...
CVE-2024-56156 Halo Vulnerable to Stored XSS and RCE via File Upload Bypass
Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks a...
WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 2.16 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin Bulk NoIndex & NoFollow Toolkit versions = 2.16...
CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai
mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...
[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40
A light weight Python library for the Spotify Web API...
PT-2024-26472 · Cesanta · Mjs
Name of the Vulnerable Software and Affected Versions: Cesanta mjs version 2.20.0 Description: An issue in Cesanta mjs allows a remote attacker to cause a denial of service via the mjs do gc function in the mjs.c file. Recommendations: For Cesanta mjs version 2.20.0, consider disabling the mjs do...
Cesanta MJS 安全漏洞
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. A denial of service vulnerability exists in Cesanta MJS version 2.20.0, which is caused by a flaw in the mjs+0x4ec508 component. An attacker could exploit this vulnerability to cause a denial of service...
WordPress plugin 10Web Booster security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
CVE-2022-2117
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been...
CVE-2022-28041
stbimage.h v2.27 was discovered to contain an integer overflow via the function stbijpegdecodeblockprogdc. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors...
Cesanta MJS 安全漏洞
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS v2.20.0 that could lead to a Denia...
SUSE-SU-2020:1992-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 bsc1173998: + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...