StreamRipper32 安全漏洞

StreamRipper32 is an open-source tool developed by StreamRipper for capturing and saving MP3 files from online radio stations. Version 2.6 of StreamRipper32 contains a security vulnerability, which stems from a buffer overflow in the Station/Song Section component, potentially allowing arbitrary...

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from the rules.http.paths.path Ingress field...

ELECOM多款产品 安全漏洞

ELECOM WAB-S600-PS, among others, are products from the Japanese company ELECOM. ELECOM WAB-S600-PS is a wireless access point. ELECOM WAB-S300 is also a wireless access point. ELECOM WAB-S733IW2-PD is a wireless access point device. Several of ELECOM’s products have security vulnerabilities; the...

Lexmark 安全漏洞

Lexmark is a series of printers produced by the American company Lexmark. Several Lexmark products have security vulnerabilities, which stem from relative path traversal in the embedded solution framework, potentially allowing for the execution of arbitrary code. The following products are...

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation, allowing an attacker who can place a malicious pickle file in a reachable location to trigger arbitrary...

Victor CMS 跨站脚本漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting vulnerability in the commentauthor POST parameter, which could all...

Lexmark多款产品 安全漏洞

The Lexmark CX410, among others, is a product of the American company Lexmark. The Lexmark CX410 is a printer. The Lexmark CX510 is a multifunctional printer. The Lexmark CX82x is also a multifunctional printer. Several Lexmark products have security vulnerabilities; these vulnerabilities stem fr...

Lexmark多款产品 安全漏洞

The Lexmark CX410 is a product of the American company Lexmark. The Lexmark CX410 is a printer. The Lexmark CX510 is a multifunctional printer. The Lexmark CX82x is a multifunctional printer. Several products from Lexmark have security vulnerabilities; these vulnerabilities stem from the Postscri...

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. The TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 and earlier versions have a security vulnerability. This vulnerability stems from a heap-based buffer overflow in the tmpserver module, which may lead to segmentation...

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. The TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 and earlier versions have a security vulnerability. This vulnerability stems from a heap buffer overflow in the tmpserver module, which may lead to segmentation...

Linux Distros Unpatched Vulnerability : CVE-2025-70559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMa...

Linux Distros Unpatched Vulnerability : CVE-2025-69209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attack...

USN-8003-1 openjdk-21-crac vulnerabilities

It was discovered that the RMI component of CRaC JDK 21 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. CVE-2026-21925 Mingijung...

Insertion of Sensitive Information Into Sent Data

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the storage of HMAC keys and disclosure through the DescribeTrainingJob API. An attacker ca...

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

AZL-76443 CVE-2026-24051 affecting package azl-otel-collector 0.127.0-1

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getattr function. An attacker can execute arbitrary code by crafting a malicious pickle file that...

GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Impact When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...

Arbitrary Code Injection

Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the lookupGetter function. An attacker can execute arbitrary code by bypassing prototype chain checks with function properties, and thereby escaping the...