31 matches found
Improper Restriction of Names for Files and Other Resources
Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via insufficient sanitization of file extensions during the file download. An attacker can cause arbitrary...
CVE-2022-31062
Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...
EUVD-2024-37272
Malicious code in bioql PyPI...
EUVD-2024-0007
Malicious code in bioql PyPI...
EUVD-2023-0012
Malicious code in bioql PyPI...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1093)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1093 advisory. For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: fro...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1031)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1031 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...
CVE-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...
Apache Tomcat 10.1.0.M1 < 10.1.41
The version of Tomcat installed on the remote host is prior to 10.1.41. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.41security-10 advisory. - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constrain...
CVE-2024-9807
A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotel...
CVE-2024-45627
In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...
CVE-2022-31131
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...
CVE-2025-3940
Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise...
CVE-2025-27533
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...
Debian dla-4149 : nagvis - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4149 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4149-1 [email protected]...
CVE-2025-26413 Apache Kvrocks: The server was crashed by the negative offset
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...
CVE-2025-27391 Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: fro...
CVE-2025-2177
A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbisearchnew of the file src/search.c. The manipulation of the argument patlen leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the...
Apache Tomcat 9.0.0.M1 < 9.0.99
The version of Tomcat installed on the remote host is prior to 9.0.99. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.99security-9 advisory. - Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/o...
CVE-2024-56196 Apache Traffic Server: ACL is not fully compatible with older versions
Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue...