4 matches found
GHSA-87M4-826X-3CRX PHPSpreadsheet has a patch bypass for CVE-2026-34084
Summary CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as phar://, php://, data:// or expect://. The check is not equivalent to "does the path conta...
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...
Mozilla Thunderbird ESR Multiple Vulnerabilities-01 (Mac OS X)
The host is installed with Mozilla Thunderbird ESR and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdesrmultvuln01oct12macosx.nasl 6093 2017-05-10 09:03:18Z teissa $ Mozilla Thunderbird ESR Multiple Vulnerabilities-01 Mac OS X Authors: Arun Kallavi...
kdelibs: input validation failure in KSSL
The KDE SSL Wrapper KSSL API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name CN of a certificate via rich text...