CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

PDF Invoices & Packing Slips for WooCommerce 信息泄露漏洞

PDF Invoices & Packing Slips for WooCommerce is a WP Overnight open source tool for creating, printing, and automatically sending PDF invoices for WooCommerce orders. An information disclosure vulnerability exists in PDF Invoices & Packing Slips for WooCommerce versions prior to 4.0.0, which stem...

AZL-55658 CVE-2024-12088 affecting package rsync for versions less than 3.4.1-1

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin ElementInvader Addons for Elementor versions = 1.2.6...

AZL-55340 CVE-2024-56776 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure...

AZL-55032 CVE-2024-56758 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocateonefolio When we call btrfsreadfolio to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping like remove it with...

AZL-55280 CVE-2024-56722 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots o...

AZL-54437 CVE-2024-45338 affecting package influxdb for versions less than 2.7.3-9

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-53420 CVE-2024-50195 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pcclocksettime As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tvsec and tvnsec range before calling ptp-info-settime64. As the man manual of...

AZL-49835 CVE-2024-46860 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921ipv6addrchange When disabling wifi mt7921ipv6addrchange is called as a notifier. At this point mvif-phy is already NULL so we cannot use it here...

PT-2024-28220 · Unknown · Codection Import/Export Users/Customers

Name of the Vulnerable Software and Affected Versions: Codection Import and export users and customers versions n/a through 1.26.8 Description: The issue allows exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. This affects...

AZL-34684 CVE-2023-52426 affecting package expat for versions less than 2.6.2-1

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...

AZL-35384 CVE-2023-51258 affecting package yasm for versions less than 1.3.0-16

A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the newToken function in the modules/preprocs/nasm/nasm-pp:1512...

SUSE CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

AZL-32229 CVE-2023-48795 affecting package terraform for versions less than 1.3.2-25

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

AZL-32179 CVE-2023-6377 affecting package xorg-x11-server for versions less than 1.20.10-5

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...

AZL-35298 CVE-2023-46129 affecting package telegraf for versions less than 1.29.4-1

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...

CVE-2023-31174

A Cross-Site Request Forgery CSRF vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more...

AZL-28074 CVE-2020-22219 affecting package flac for versions less than 1.4.3-1

Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder...

AZL-34669 CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...