14 matches found
GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation
Summary: Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...
CVE-2025-68468
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...
Avahi security vulnerability
Avahi is an open source set of local service discovery tools for Linux. A security vulnerability exists in Avahi 0.9-rc2 and earlier versions, which stems from sending two unsolicited announcements containing CNAME resource records 2 seconds apart, which could cause avahi-daemon to crash...
PT-2025-44289
Name of the Vulnerable Software and Affected Versions: Jenkins Azure CLI Plugin versions 0.9 and earlier Description: The Jenkins Azure CLI Plugin does not restrict the commands it executes on the Jenkins controller. This allows attackers with Item/Configure permission to execute arbitrary shell...
WordPress plugin Flickr set slideshows SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Flickr set...
WordPress Code Clone plugin <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter vulnerability
Authenticated (Administrator+) SQL Injection via snippetId Parameter vulnerability discovered by Hoang Phuc Vo HrxKnight in WordPress Plugin Code Clone versions <= 0.9...
WordPress ACL Floating Cart for WooCommerce plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin ACL Floating Cart for WooCommerce versions <= 0.9...
PT-2024-24192 · Unknown · Waxlab Wax +1
Name of the Vulnerable Software and Affected Versions: Waxlab wax versions 0.9-3 and earlier Description: The issue allows an attacker to cause a denial of service via the Lua library component. Recommendations: For versions 0.9-3 and earlier, consider disabling the Lua library component as a...
br.com.digisan:digisan-java (>=1.0.7 <=1.0.10), com.adaptrex:adaptrex-complete (>=0.9.1 <=0.9.10) +810 more potentially affected by CVE-2014-3643 via com.sun.jersey:jersey-core (>=0.9-ea <=1.12-b01)
com.sun.jersey:jersey-core MAVEN version =0.9-ea, =1.0.7, =0.9.1, =0.1.1, =0.9.1, =v0.27.12, =2.0.4, =1.0.2, =1.0.2, =1.0.1-3, =2.0, =2.0, =1.1.0.1, =1.1.0.1, =4.2.0, =4.2.0, =5.4.3 and more Source cves: CVE-2014-3643 Source advisory: OSV:GHSA-5M48-VR54-VMH3...
Design/Logic Flaw
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the...
PT-2023-1331 · Xiph +6 · Opusfile +6
Name of the Vulnerable Software and Affected Versions: xiph opusfile versions 0.9 through 0.12 Description: A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c. This issue may allow attackers to cause a denial of service or other unspecified impacts...
au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +44 more potentially affected by CVE-2018-8023 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.4.0)
org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =0.0.3, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =1.5.0 and more Source cves: CVE-2018-8023 Source advisory: OSV:GHSA-C8CC-P3J7-4C7F...
Apache Qpid Proton Python API plaintext transfer vulnerability
Apache Qpid is an object-oriented messaging middleware developed by the Apache Software Foundation. The Proton Python API is an API that supports the Python language and implements the AMQP 1.0 protocol. A security vulnerability exists in the Apache Qpid Proton Python API versions 0.9 through...
CVE-2011-4929
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors...