
14 matches found

EUVD
added 2026/05/18 6:34 a.m. | 13 views

EUVD-2026-30739

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...

AI score: 5.8 | EPSS: 0.00306
Exploits: 0 | References: 2

SUSE CVE
added 2026/03/04 12:29 a.m. | 4 views

SUSE CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00366
Exploits: 0 | References: 3

EUVD
added 2025/12/19 3:31 p.m. | 7 views

EUVD-2025-204541

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.0046
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 5:41 a.m. | 2 views

CVE-2023-0106

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0...

CVSS: 9 | AI score: 5.9 | EPSS: 0.00645
Exploits: 1 | References: 1

CNNVD
added 2023/05/10 12:0 a.m. | 3 views

PoDoFo Resource Management Error Vulnerability

PoDoFo is a free portable C++ library open-sourced by PoDoFo. A resource management error vulnerability exists in PoDoFo version 0.10.0, which stems from a heap use-after-free in the function PoDoFo::PdfEncrypt::IsMetadataEncrypted. A remote attacker can exploit this vulnerability to...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.0074
Exploits: 1 | References: 2

vulnersOsv
added 2022/07/19 2:28 p.m. | 3 views

@achingbrain/appmetrics-dash (>=4.0.1 <=4.0.2), @adobe/aio-app-scripts (>=0.6.0 <=2.3.0) +190 more potentially affected by CVE-2020-28471 via properties-reader (>=0.0.10 <=2.1.1)

properties-reader NPM version =0.0.10, =4.0.1, =0.6.0, =2.1.0, =1.0.0, =0.3.1, =1.0.3, =0.6.0, =0.0.3, =0.0.2, =0.1.1, =0.2.0, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =0.1.2, =0.0.1, =0.0.10 and more Source cves: CVE-2020-28471 Source advisory: OSV:GHSA-JXVF-M3X5-MXWQ...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.01092
Exploits: 1

CNNVD
added 2021/05/17 12:0 a.m. | 2 views

GNU LibreDWG Buffer Error Vulnerability

LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability via the bitcalcCRC ... /... /src/bits.c:2213 to cause a heap buffer overflow...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.01232
Exploits: 1 | References: 3

CNNVD
added 2021/05/17 12:0 a.m. | 3 views

GNU LibreDWG Buffer Error Vulnerability

LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability by reading2004compressedsection ... /... /src/decode.c:2379 to cause a heap buffer overflow...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00981
Exploits: 1 | References: 4

OSV
added 2020/09/01 10:15 a.m. | 2 views

UBUNTU-CVE-2020-7720

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.03162
Exploits: 1 | References: 6

PyPA
added 2019/10/28 5:15 p.m. | 6 views

PYSEC-2019-181

Python keyring lib before 0.10 created keyring files with world-readable permissions...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0146
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2018/10/24 12:0 a.m. | 3 views

GAIN Electronic Co. Ltd SAGA1-L Series Access Control Vulnerability

GAIN SAGA1-L Series is a SAGA1-L series industrial remote control product from GAIN Electronic. A security vulnerability exists in GAIN SAGA1-L Series products using firmware versions prior to A0.10. An attacker could exploit this vulnerability to forcibly pair a device without human interaction...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00726
Exploits: 0 | References: 1

CNVD
added 2017/08/30 12:0 a.m. | 1 views

FFmpeg Denial of Service Vulnerability (CNVD-2017-30436)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg version 0.10. A remote attacker can exploit this vulnerability to cause a denial of service...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01917
Exploits: 0 | References: 1

OSV
added 2017/01/10 3:59 p.m. | 4 views

CVE-2016-6287

The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01476
Exploits: 0 | References: 2

BDU FSTEC
added 2015/04/28 12:0 a.m. | 6 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libexiv2-0.10 package of the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.04871
Exploits: 0 | References: 3 | Affected Software: 1