
1115 matches found

RedhatCVE
added 2025/05/22 8:8 p.m., 6 views

CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String Comparison...

CVSS 9.8 | AI score 6.9 | EPSS 0.00441
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:16 p.m., 5 views

CVE-2020-26272

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

CVSS 6.5 | AI score 7.1 | EPSS 0.00965
Exploits: 0

RedhatCVE
added 2025/05/22 3:10 p.m., 4 views

CVE-2020-11014

Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the...

CVSS 8.6 | AI score 6.7 | EPSS 0.00292
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:2 a.m., 5 views

CVE-2017-10709

The lockscreen on Elephone P9000 devices running Android 6.0 allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess...

CVSS 7.2 | AI score 7 | EPSS 0.00028
Exploits: 0 | References: 1

BDU FSTEC
added 2025/05/19 12:0 a.m., 1 view

The vulnerability of Intel Core Ultra microprogramming software, related to performing actions in the wrong order, allows a perpetrator to disclose protected information.

The vulnerability of Intel Core Ultra microprogramming software relates to the execution of actions in the wrong order. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS 4.9 | AI score 6.6 | EPSS 0.0007
Exploits: 0 | References: 7 | Affected Software: 2

SUSE CVE
added 2025/05/06 3:7 a.m., 2 views

SUSE CVE-2022-49786

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online. blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...

CVSS 3.3 | AI score 6.3 | EPSS 0.00074
Exploits: 0 | References: 6

OSV
added 2025/04/28 9:31 a.m., 2 views

GHSA-RC42-6C7J-7H5R Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...

CVSS 7.3 | AI score 7 | EPSS 0.00181
Exploits: 0 | References: 4

Snyk
added 2025/04/26 12:0 a.m., 1 view

Return of Wrong Status Code

Overview: Affected versions of this package are vulnerable to Return of Wrong Status Code from the chacha20poly1305setkey function, when returning a ChaCha20 initialization error from the OpenSSL backend. An attacker can potentially impact confidentiality, integrity, and availability by exploiting...

CVSS 8.1 | AI score 7.1 | EPSS 0.01231
Exploits: 0 | References: 2

CNNVD
added 2025/04/16 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an overwritten return value of the BPF subroutine, which could result in a wrong address load...

CVSS 5.5 | AI score 6.3 | EPSS 0.00044
Exploits: 0 | References: 5

CNNVD
added 2025/04/11 12:0 a.m., 1 view

CourseLit security vulnerability

CourseLit is a blogging system open-sourced by CodeLit. A security vulnerability exists in versions of CourseLit prior to 0.57.5 that stems from a payment plan associated with the wrong entity that could lead to parameter tampering...

CVSS 3.1 | AI score 6.4 | EPSS 0.00127
Exploits: 0 | References: 4

Positive Technologies
added 2025/04/11 12:0 a.m., 1 view

PT-2025-16024 · Unknown · Codelit Courselit

Name of the Vulnerable Software and Affected Versions: CodeLit CourseLit versions prior to 0.57.5. Description: The issue allows Parameter Tampering via a payment plan associated with the wrong entity. Recommendations: For versions prior to 0.57.5, update to version 0.57.5 or later to resolve the...

CVSS 3.1 | AI score 7.2 | EPSS 0.00127
Exploits: 0 | References: 8

Microsoft CVE
added 2025/04/08 7:0 a.m., 2 views

cifs.upcall makes an upcall to the wrong namespace in containerized environments

...

CVSS 5.9 | AI score 7.1 | EPSS 0.00022
Exploits: 0

OSV
added 2025/04/03 12:55 p.m., 2 views

OESA-2025-1375 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

CVSS 4.7 | AI score 7 | EPSS 0.00052
Exploits: 1 | References: 2

CNNVD
added 2025/04/01 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not unregistering the PTP clock in the wrong path...

CVSS 5.5 | AI score 6.4 | EPSS 0.00018
Exploits: 0 | References: 7

OSV
added 2025/03/27 11:15 p.m., 3 views

CVE-2025-2887

During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched ...

CVSS 4.5 | AI score 7.1
Exploits: 0 | References: 3

CNNVD
added 2025/03/27 12:0 a.m., 2 views

Amazon tough security vulnerability

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from a lack of validation of terminating delegates, which could result in a client fetching a target from the wro...

CVSS 5.7 | AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 3

CNNVD
added 2025/03/27 12:0 a.m., 2 views

Amazon tough security vulnerability

Amazon tough is a Rust client library for The Update Framework TUF repository from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from the client failing to detect a rollback of a delegated target during a target rollback, which could cause th...

CVSS 5.7 | AI score 6.5 | EPSS 0.00245
Exploits: 0 | References: 3

OSV
added 2025/03/20 6:48 p.m., 5 views

GHSA-Q9F5-625G-XM39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

Summary: URLs starting with `//` are not parsed properly, and the request `REQUEST_FILENAME` variable contains a wrong value, leading to potential rules bypass. Details: If a request is made on an URI starting with `//`, coraza will set a wrong value in `REQUEST_FILENAME`. For example, if the URI...

CVSS 5.4 | AI score 7.1 | EPSS 0.00109
Exploits: 0 | References: 4

OSV
added 2025/03/20 4:42 p.m., 3 views

USN-7362-1 golang-github-cli-go-gh-v2 vulnerability

It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. CVE-2024-53859...

CVSS 7.5 | AI score 7.3 | EPSS 0.0008
Exploits: 0 | References: 2

CNNVD
added 2025/03/06 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from using the wrong device for device management, which could result in IRQ not being disabled...

CVSS 5.5 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 6