29 matches found
Astra Linux – Vulnerability in Tiff
A null source pointer passed as an argument to the memcopy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, this fix is available in the...
CVE-2026-33746 Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
ai.platon.gora:gora-core (=1.0.0), ai.platon.gora:gora-mongodb (=1.0.0) +1308 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.2 and more Source cves: CVE-2026-24308 Source advisory: SNYK:JAVA-ORGAPACHEZOOKEEPER-15443353...
Joomla! XSS Vulnerability (20260102)
Joomla! is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...
WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SALESmanago versions = 3.9.0...
WordPress plugin SALESmanago 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference IDOR vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins
Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...
au.csiro.pathling:encoders (>=7.2.0 <=9.7.1), au.csiro.pathling:fhir-server (=7.2.0) +1174 more potentially affected by CVE-2025-58457 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.3)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.4 and more Source cves: CVE-2025-58457 Source advisory: OSV:GHSA-2HMJ-97JW-28JH...
Apache ZooKeeper 安全漏洞
Apache Zookeeper is a software project of the Apache USA Foundation that provides open source distributed configuration services, synchronization services, and named registries for large-scale distributed computing. A security vulnerability exists in Apache ZooKeeper versions 3.9.0 through prior ...
CVE-2025-54486
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...
The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2237 The Biosig Project libbiosig MFER default NS mismatch heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-53511 SUMMARY A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project...
The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2233 The Biosig Project libbiosig GDF parsing integer overflow to heap-based buffer overflow vulnerability August 25, 2025 CVE Number CVE-2025-52581 SUMMARY An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project...
WordPress MinimogWP theme <= 3.9.0 - Unauthenticated Price Manipulation vulnerability
Unauthenticated Price Manipulation vulnerability discovered by Valatty in WordPress Theme MinimogWP versions = 3.9.0...
CVE-2025-31806
CVE-2025-31806 affects Webling (WordPress plugin Webling). It is a Stored XSS due to improper neutralization of input during web page generation, impacting Webling versions up to 3.9.0. Exploitation requires authentication (Administrator). Wordfence notes the vulnerability and indicates a patch i...
com.github.t1:wunderbar.demo.product (=3.3), com.mobiera.libs:aircast-api-jakarta (=1.3) +600 more potentially affected by CVE-2024-2700 via io.quarkus:quarkus-core (>=3.9.0.CR1 <=3.9.1)
io.quarkus:quarkus-core MAVEN version =3.9.0.CR1, =0.3.0, =0.2.3, =0.3.4, =0.9.3, =0.9.9, =3.3.0, =3.3.0.CR2 and more Source cves: CVE-2024-2700 Source advisory: OSV:GHSA-F8H5-V2VG-46RR...
PT-2024-23292 · Decalog · Decalog
Name of the Vulnerable Software and Affected Versions: DecaLog versions prior to 3.9.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL...
cn.aradin:aradin-cluster-zookeeper-starter (>=1.1.1 <=1.1.2), cn.aradin:aradin-lucene-solr-starter (>=1.1.1 <=1.1.2) +522 more potentially affected by CVE-2024-23944 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.1)
org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =15.1-RELEASE, =15.0-RELEASE, =2.03-RELEASE, =3.3.0.4.0.6, =3.3.0.4.0.5, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.10 and more Source cves: CVE-2024-23944 Source advisory:...
aiohttp Injection Vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. An injection vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect validation that allows an attacker to modify an HTTP request e.g., by inserting a new header, or even create...
CVE-2023-40826
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...