13 matches found
EUVD-2022-26873
Malicious code in bioql PyPI...
PT-2025-27634 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11. Description: DataEase is an open source business intelligence and data visualization tool. The issue lies in parameters like sslfactory and sslfactoryarg, which have similar functionality to socketfactory an...
CVE-2025-49013
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user-controlled variables directly inside shell script contexts in GitHub...
PT-2025-21914 · Unknown +1 · Vs6Editdata.Dll +1
Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.5.0 and earlier. Description: The issue is related to the free of a pointer not at the start of the buffer in the CWinFontInf::WinFontMsgCheck function, located in the VS6EditData.dll file. This problem can be triggered by...
PT-2025-17939 · Netscout · Ngeniusone
Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusONE versions prior to 6.4.0 b2350. Description: The issue allows local users to leverage Insecure Permissions for the nGeniusCLI file, potentially leading to unauthorized access or modifications. Recommendations: For versions...
jooby-pac4j: deserialization of untrusted data
Impact: Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data. Patches: 2.17.0 (2.x), 3.7.0 (3.x). Workarounds: not using io.jooby:jooby-pac4j until it gets patches; check what values you put/save on the session. References: Version 2.x:...
PT-2025-4383 · Jwk Set +1 · Jwk Set +1
Name of the Vulnerable Software and Affected Versions: JWK Set versions prior to 0.6.0. Description: The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. However, the current behavior is to overwrite or append, which...
PT-2024-9614 · Gstreamer +7 · Gstreamer +7
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10. Description: A vulnerability has been discovered in the qtdemux_parse_container function within qtdemux.c, related to an out-of-bounds (OOB) read in memory. The issue arises from the parent function qtdemux...
CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Switcher Client is a JavaScript SDK to work with Switcher API, a cloud-based Feature Flag service. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
PYSEC-2020-137
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out of bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...
PT-2020-20336 · Horde · Horde Groupware Webmail Edition
Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22. Description: This issue allows remote attackers to execute local PHP files on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the edit.ph...
[Full-Disclosure] Vulnerability in Terminal.app
There is a vulnerability in Apple's Terminal.app for OS X which affects Apple laptops. When running from the Terminal within the Unix shell, the command sudo normally will not prompt for a password for five minutes after the password was last given. The vulnerability occurs when putting an Apple...
Phorum Discussion Board Security Bug (Email Disclosure)
Concerning the latest Phorum version, 3.3.2. A bug in the PHP-based forum script Phorum makes it possible to obtain the email addresses of the 10 most active users. In the 'admin/' directory of the forum there is a script called 'stats.php' that allows administrators, and anyone else, since there is no...