76 matches found
CVE-2026-7259
A flaw was found in PHP. When attacker input can influence the encoding passed to mb_regex_encoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...
RHEL 9 : giflib (RHSA-2026:8859)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8859 advisory. giflib is a library for reading and writing GIF images. Security Fixes: giflib: Giflib: Double-free vulnerability leading to memory corruption...
vim security update
8.0.1763-22.0.1 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-22 - RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim...
vim security update
8.0.1763-21.0.1 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-21 - RHEL-112003 CVE-2025-53905 vim: Vim path traversal - RHEL-112007 CVE-2025-53906 vim: Vim path traversal 2:8.0.1763-20 - fix issue...
EUVD-2004-1762
Malware in sbrugna...
EUVD-2014-2988
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-8859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d...
Linux Distros Unpatched Vulnerability : CVE-2015-8859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. CVE-2015-8859 Note that Nessus relies on the presen...
CVE-2025-8859
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2020-8859
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request...
CVE-2024-8859
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +182 more potentially affected by CVE-2024-8859 via mlflow (>=0.8.2 <=2.17.0)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.2.4 and more Source cves: CVE-2024-8859 Source advisory: OSV:GHSA-4RQF-8PFM-P36R...
autonomize-model-sdk (=1.0.4), autorad (=0.2.6) +43 more potentially affected by CVE-2024-8859 via mlflow (>=2.0.0rc0 <=2.17.0)
mlflow PYPI version =2.0.0rc0, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =0.0.41, =1.0.0, =0.0.1, =0.1.0, =0.1.5, =1.10.2, =0.1.2, =1.2.7, =0.1.0, =0.2.13 and more Source cves: CVE-2024-8859 Source advisory: SNYK:PYTHON-MLFLOW-9486462...
CVE-2024-8859
Mlflow/mlflow 2.15.1 contains a path traversal/local file read vulnerability when using the dbfs service: the URL is interpolated into the file protocol with only the path portion validated, enabling reading arbitrary server files when dbfs is mounted locally. Public sources (Nuclei template, OSV...
CVE-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
GHSA-HXF5-99XG-86HW cap-std doesn't fully sandbox all the Windows device filenames
Impact cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so o...
SUSE-SU-2024:3844-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...