14 matches found
October 安全漏洞
October is an open-source content management system CMS and online platform developed by October. Versions prior to October 3.7.13, as well as those before 4.1.4, contained security vulnerabilities. These vulnerabilities stemmed from a sandbox bypass in the Twig security mode function, which coul...
CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
PT-2026-31732
Name of the Vulnerable Software and Affected Versions Helm versions 3.20.1 and earlier, and versions 4.1.3 and earlier Description Helm, a package manager for Kubernetes Charts, is affected by an issue where a specially crafted Chart can cause the helm pull --untar command to write chart contents...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2026-34986
CVE-2026-34986 affects the Go JOSE library. Prior to versions 4.1.4 and 3.0.5, decrypting a JWE object can cause a panic when the alg field indicates a key-wrapping algorithm (any ending with KW, except A128GCMKW/A192GCMKW/A256GCMKW) and encrypted_key is empty. The panic occurs in cipher.KeyUnwra...
dhrav1 (=1.1.2), irma-dodol78-riris (=3.3.4) +2 more potentially affected by unknown CVE via dhrafortea (>=1.1.2 <=4.1.4)
dhrafortea NPM version =1.1.2, =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on dhrafortea and may be impacted: - dhrav1 =1.1.2 - irma-dodol78-riris =3.3.4 - joko-tek48-riris =4.3.2 - kurnia-sambel16-riris =2.3.1 Source cves: unknown CVE Source...
CVE-2025-61801
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-61800 Dimension | Integer Overflow or Wraparound (CWE-190)
Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Flask-AppBuilder Cross-Site Scripting Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.1.4 through 4.2.1, which stems from a cross-site scripting XSS vulnerability in the OAuth login page...
Fortinet FortiSIEM Windows Agent安全漏洞
Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...
Fortinet FortiSIEM Windows Agent 安全漏洞
Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and earlier, which can be exploited by an attacker to obtain compromised agent...
@here/cli (>=1.5.0 <=1.6.1), @node-amazon/mws (>=0.0.2 <=0.0.3) +10 more potentially affected by CVE-2020-26256 via @fast-csv/parse (>=4.1.4 <=4.3.3)
@fast-csv/parse NPM version =4.1.4, =1.5.0, =0.0.2, =2.1.0, =1.0.0, =1.2.127, =1.2.135, =1.2.111, =6.42.0, =4.1.4, =0.0.1, =0.0.6 Source cves: CVE-2020-26256 Source advisory: OSV:GHSA-8CV5-P934-3HWP...
GlusterFS Denial of Service Vulnerability
Red Hat Gluster is an open source distributed file system from Red Hat Red Hat. The system is mainly for media streaming, data analysis and other data- and bandwidth-intensive tasks to create large-scale distributed storage solutions. A denial of service vulnerability exists in Red Hat Gluster...
UBUNTU-CVE-2018-14660
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GFMETALOCKKEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs serv...