15 matches found
CVE-2026-48984
pam_usb for Linux (affected: v0.9.1 and earlier) has a memory handling flaw where xfree() frees buffers without zeroing contents, potentially leaving sensitive data (including one-time pad bytes) in freed heap memory. On systems with use-after-free or heap inspection capabilities, this could perm...
akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)
simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:GHSA-44VG-5WV2-H2HG...
1xn-vmcp (>=0.5.2 <=0.6.1), a2c-smcp (>=0.1.1rc0 <=0.1.5) +405 more potentially affected by CVE-2025-66416 via mcp (>=0.9.1 <=1.22.0)
mcp PYPI version =0.9.1, =0.5.2, =0.1.1rc0, =0.7.2, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =0.4.0, =0.0.19, =1.0.0, =3.2.0, =3.2.0, =4.2.2, =4.3.3 and more Source cves: CVE-2025-66416 Source advisory: OSV:GHSA-9H52-P55H-VW2F...
CVE-2025-58355
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...
CVE-2025-58355
CVE-2025-58355 affects Soft Serve (self-hosted Git server). In versions ≤0.9.1, an attacker can create or override arbitrary files with uncontrolled data via the SSH API. The issue is resolved in version 0.10.0. Evidence in the initial document notes vulnerable versions and the fixed release; no ...
Tapir authorization issue vulnerability
Tapir is a private Terraform registry for PacoVK individual developers. An authorization issue vulnerability exists in Tapir version 0.9.0 and 0.9.1. An attacker exploiting this vulnerability could guess keys to gain write access to the registry...
WordPress glomex oEmbed plugin <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin glomex oEmbed versions = 0.9.1...
WordPress salavat counter Plugin plugin <= 0.9.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin salavat counter versions = 0.9.1...
PT-2024-29574 · Dompurify +2 · Dompurify +2
Name of the Vulnerable Software and Affected Versions: OpenObserve versions through 0.9.1 Description: The OpenObserve open-source observability platform has a security issue where it does not sanitize user input in the filter selection menu, potentially leading to complete account takeover. The...
WordPress Progress Planner plugin <= 0.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Djennez Patchstack Alliance in WordPress Plugin Progress Planner versions = 0.9.1...
memos cross-site scripting vulnerability
memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in memos versions prior to 0.9.1, which stems from stored cross-site scripting (XSS)...
memos cross-site scripting vulnerability
memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in memos versions prior to 0.9.1, which stems from stored cross-site scripting (XSS)...
PT-2022-28109 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns Improper Privilege Management in the GitHub repository usememos/memos. Recommendations: For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue...
GHSA-R9PV-HG64-JQRP Exposure of Sensitive Information in Apache Storm Logviewer
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...
[SA18229] Ethereal GTP Dissector Denial of Service Vulnerability
TITLE: Ethereal GTP Dissector Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18229 VERIFY ADVISORY: http://secunia.com/advisories/18229/ CRITICAL: Not critical IMPACT: DoS WHERE: From remote SOFTWARE: Ethereal 0.x http://secunia.com/product/1228/ DESCRIPTION: A vulnerability has been...