Astra Linux - уязвимость в libcroco

The crtknzrparsecomment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service memory allocation error through a crafted CSS file...

EUVD-2021-12803

Malware in sbrugna...

EUVD-2025-11859

Malicious code in bioql PyPI...

CVE-2025-43862 Dify Allows Unauthorized Access and Modification of APP Orchestration

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from an access control flaw that could lead to unauthorized access and modification of APP orchestration by non-administrative...

CVE-2025-32795

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from a regular user being incorrectly granted permission to edit the app name and description...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from the fact that a normal user can enable or disable the app via the API...

PT-2025-6067 · Unknown +2 · Pam Pkcs11 +2

Name of the Vulnerable Software and Affected Versions: PAM-PKCS11 versions 0.6.12 and prior Description: The issue affects a Linux-PAM login module that allows X.509 certificate-based user login. When a user presses ctrl-c/ctrl-d while being asked for a PIN, the pam pkcs11 module segfaults...

PAM-PKCS#11 代码问题漏洞

PAM-PKCS11 is an OpenSC open source login module. A code issue vulnerability exists in PAM-PKCS11 0.6.12 and earlier versions, which stems from an incorrect handling of a user's canceled PIN entry operation, resulting in a segmentation error that could cause a daemon using PAM to crash...

SUSE CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

cyfs-chunk-lib (=0.5.0), cyfs-cip (>=0.5.0 <=0.6.4) +1 more potentially affected by unknown CVE via cyfs-base (>=0.5.5 <=0.6.12)

cyfs-base CARGO version =0.5.5, =0.5.0, =0.6.4 - cyfs-core =0.5.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0046...

CVE-2017-8834

The crtknzrparsecomment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service memory allocation error via a crafted CSS file...

CVE-2017-8871

The crparserparseselectorcore function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted CSS file...

ALPINE-CVE-2017-8871

The crparserparseselectorcore function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted CSS file...

Code injection

The crparserparseselectorcore function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted CSS file...

CVE-2017-8834

The crtknzrparsecomment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service memory allocation error via a crafted CSS file...

libcroco 0.6.12 - Denial of Service

libcroco 0.6.12 - Denial of Service libcroco multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= Libcroco is a standalone css2 parsing and manipulation library. The parser provides a low level event driven SAC like api and a css object model like...