120948 matches found
PT-2026-20979
Name of the Vulnerable Software and Affected Versions libssh versions prior to 0.11.4-1.1 Description A denial of service condition can occur due to a malformed SFTP message. Recommendations Update to version 0.11.4-1.1 or later...
PT-2026-27418
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird ESR versions prior to 140.9 Description The software contains memory safety bugs, some of which demonstrate evidence of memory...
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
PT-2025-54358
Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22 Description A local privilege escalation issue exists due to a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, running with SYSTEM...
EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2025-2625)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of th...
GHSA-95QG-89C2-W5HJ theshit vulnerable to unsafe loading of user-owned Python rules when running as root
Impact Vulnerability Type: Local Privilege Escalation LPE / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.methodcaller function. An attacker can execute arbitrary code by crafting a malicious pickle...
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Summary Picklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command...
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
Summary Picklescan uses the numpy.f2py.crackfortran.getlincoef function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...
SUSE CVE-2018-25154
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow that could lead to the execution of arbitrary code...
PT-2026-51383
Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran. eval length gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code...
GHSA-R8G5-CGF2-4M4M Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
Summary An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...
Picklescan missing detection when calling pty.spawn
Summary Using pty.spawn, which is a built-in python library function to execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to pty.spawn function in the reduce method. Then the victim attempts ...
GHSA-VQMV-47XG-9WPR Picklescan missing detection when calling pty.spawn
Summary Using pty.spawn, which is a built-in python library function to execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to pty.spawn function in the reduce method. Then the victim attempts ...
Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Python-Future 1.0.0 module has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...
CVE-2025-68973
A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...
PT-2025-53779
Name of the Vulnerable Software and Affected Versions GoAhead-Webs on KuWFi 4G LTE AC900 version 1.0.13 Description A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon. The /goform/formMultiApnSetting handler uses sprintf to copy the pincode parameter, supplied by the user, into ...
PT-2025-53770
Name of the Vulnerable Software and Affected Versions affected versions not specified Description The software suffers from an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for the injection of malicious scripts into web pages. Th...
PT-2026-50453
Name of the Vulnerable Software and Affected Versions PickleScan versions prior to 0.0.33 Description PickleScan fails to include the pty.spawn function in its list of unsafe globals, which allows attackers to bypass security checks. By crafting malicious pickle payloads using the pty.spawn...