21 matches found
CVE-2026-47341 Apache APISIX: Session replay issue in hmac-auth
Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...
CVE-2026-6338
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
CVE-2026-41140
CVE-2026-41140 affects Poetry (Python dependency manager). The vulnerability is in extractall(), src/poetry/utils/helpers.py:410-426, which allowed tarball extraction without path traversal protection on Python versions where tarfile.data_filter is unavailable. Affected supported Poetry/Python ra...
Directory Traversal
Overview poetry is a Python dependency management and packaging made easy. Affected versions of this package are vulnerable to Directory Traversal via the extractall function in src/poetry/utils/helpers.py that extracts sdist tarballs without path traversal protection on Python versions where...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414645)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414645 advisory. An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by...
CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
Python 代码问题漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python versions 3.11 through 3.11.4, which stems from the presence of unexpecte...
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14...
PT-2022-34298 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.11 through v5.4.210 Description: A potential buffer overflow issue exists in the ni set mc special registers function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
Moodle 跨站请求伪造漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site request forgery vulnerability exists in Moodle H5P libraries versions 4.0 through 4.0.2 and 3.11 through 3.11.8, which...
com.impetus.kundera.client:kundera-cassandra (>=3.11 <=3.13), com.impetus.kundera.client:kundera-cassandra-ds-driver (>=3.11 <=3.13) +26 more potentially affected by CVE-2020-17516 via org.apache.cassandra:cassandra-all (>=3.11.0 <=3.11.1)
org.apache.cassandra:cassandra-all MAVEN version =3.11.0, =3.11, =3.11, =3.11, =0.3.3, =0.4.0, =3.11.0.0, =2.3, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.1 and more Source cves: CVE-2020-17516 Source advisory: OSV:GHSA-2VXM-VP4C-FJFW...
CVE-2022-0332
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data...
UBUNTU-CVE-2022-0333
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events...
PT-2022-13111 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.4 Moodle versions 3.10 to 3.10.8 Moodle versions 3.9 to 3.9.11 Moodle versions earlier than 3.9 Description: A flaw was found in the calendar:manageentries capability, which allowed managers to access or modify an...
CVE-2021-43560
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events...
CVE-2021-3943
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified...
PT-2021-5354 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions earlier than 3.9 Description: The issue is related to errors in code generation management, allowing a remote attacker to execute...
PT-2021-5355 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions prior to 3.9 Description: A flaw was found in Moodle due to insufficient capability checks, making it possible to fetch other users'...
CVE-2021-28688
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 3.11 through 5.10.16, which stems from insufficient internal status updates that prevent incorrect security recovery...