Every1's a fraud 'cuz they pick & choose what they show.

• sharp prior to version 0.30.4 is vulnerable to OS command injection. The PKG_CONFIG_PATH environment variable is used to install...
• Apache Doris uses a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.
• gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability.
• The node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.
• calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).