GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation
Summary: Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...
CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...
go-ipld-prime security vulnerability
go-ipld-prime is an implementation of the IPLD open-source specification interface. Versions of go-ipld-prime prior to 0.22.0 contained security vulnerabilities. These vulnerabilities stemmed from the DAG-CBOR decoder using the set size declared in the CBOR header as a hint for Go’s pre-allocatio...
Moderate: Red Hat Security Advisory: Submariner v0.22 security fixes and container updates
Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
EUVD-2025-26609
Malicious code in bioql PyPI...
CVE-2025-56760
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...
Memos security vulnerability
Memos is an open source, self-hosted memo hub with knowledge management and social features. A security vulnerability exists in Memos version 0.22, which stems from a path traversal flaw in the CreateResource endpoint that could lead to arbitrary file writes...
PT-2025-35796
Name of the Vulnerable Software and Affected Versions: Memos version 0.22 Description: When configured to store objects locally, the software allows an attacker to create a file via the CreateResource endpoint. This is achieved by including a path traversal sequence in the file name, enabling...
CVE-2025-43584
Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-43582
Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
CVE-2025-27148
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...
PT-2025-7918 · Gradle +1 · Gradle +1
Name of the Vulnerable Software and Affected Versions: net.rubygrapefruit:native-platform versions prior to 0.22-milestone-28 Gradle version 8.12 Description: The issue concerns a local privilege escalation vulnerability in the Gradle build automation tool, specifically in its native-platform...
GHSA-6G7W-8WPP-FRHJ Denial of Service Vulnerability in Rustls Library
Summary: rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details: Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
PT-2024-4391 · Unknown +4 · Net-Cidr-Lite +4
Name of the Vulnerable Software and Affected Versions: Net::CIDR::Lite versions prior to 0.22 Description: The issue is related to the improper handling of extraneous zero characters at the beginning of an IP address string. This can allow attackers to bypass access control based on IP addresses ...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
PT-2023-21749 · Movim · Movim
Name of the Vulnerable Software and Affected Versions: Movim versions prior to 0.22 Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing header validation. Recommendations: For versions prior to 0.22, update to version 0.22 or later to resolve the...