Lucene search

34 matches found

OSV
added 2026/05/06 5:26 p.m., 1 views

GHSA-FP55-JW48-C537 astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact: Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

8.7 CVSS, 5.8 AI score
Exploits: 0, References: 4
Github Security Blog
added 2026/04/20 3:31 p.m., 6 views

Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

5.3 CVSS, 5.8 AI score, 0.00085 EPSS
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/04/20 1:27 p.m., 11 views

CVE-2025-66335

Technical details for CVE-2025-66335 are not publicly available in the provided documents; monitor for updates.

5.3 CVSS, 6 AI score, 0.00085 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/04/19 12:0 a.m., 1 views

PT-2026-33643

Name of the Vulnerable Software and Affected Versions: Apache Doris MCP Server versions prior to 0.6.1. Description: An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of...

5.3 CVSS, 6 AI score, 0.00085 EPSS
Exploits: 0, References: 9
OSV
added 2026/03/05 8:16 p.m., 1 views

CVE-2024-43035

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

5.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
CNNVD
added 2026/03/05 12:0 a.m., 5 views

Fonoster Security Vulnerability

Fonoster is a cloud communication platform developed by Fonoster. Versions of Fonoster prior to 0.6.1 contained security vulnerabilities. These vulnerabilities were caused by directory traversal vulnerabilities in the VoiceServer endpoints, which could lead to the reading of arbitrary files...

5.8 CVSS, 7.4 AI score, 0.0043 EPSS
Exploits: 1, References: 2
CVE
added 2026/03/05 12:0 a.m., 164 views

CVE-2024-43035

Fonoster CVE-2024-43035 affects 0.5.5 prior to 0.6.1 and enables directory traversal via the VoiceServer endpoints /sounds/:file and /tts/:file. The root cause is in serveFiles within mods/voice/src/utils.ts, where local files can be read. This issue is not present in 0.6.1 and later (the functio...

5.8 CVSS, 6 AI score, 0.0043 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-24443

Malicious code in bioql PyPI...

4.4 CVSS, 6.5 AI score, 0.00029 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/08/14 6:24 p.m., 2 views

CVE-2025-20025

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access...

4.4 CVSS, 6.9 AI score, 0.00029 EPSS
Exploits: 0, References: 1
NVD
added 2025/08/12 5:15 p.m., 1 views

CVE-2025-24302

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7 CVSS, 0.0003 EPSS
Exploits: 0, References: 1
NVD
added 2025/08/12 5:15 p.m., 1 views

CVE-2025-20025

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access...

4.4 CVSS, 0.00029 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/08/12 4:57 p.m., 5 views

CVE-2025-20025

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access...

4.4 CVSS, 0.00029 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/08/12 12:0 a.m., 2 views

Intel TinyCBOR Library Security Vulnerability

Intel TinyCBOR Library is a C language library from Intel Corporation USA. A security vulnerability exists in Intel TinyCBOR Library versions prior to 0.6.1, which stems from uncontrolled recursion and could lead to elevated privileges...

6.7 CVSS, 6.5 AI score, 0.0003 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/08/12 12:0 a.m., 1 views

Intel TinyCBOR Library Security Vulnerability

Intel TinyCBOR Library is a C language library from Intel Corporation USA. A security vulnerability exists in Intel TinyCBOR Library versions prior to 0.6.1, which stems from uncontrolled recursion and could lead to a denial of service...

4.4 CVSS, 6.4 AI score, 0.00029 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/04/14 12:0 a.m., 2 views

AutoGPT Information Disclosure Vulnerability

AutoGPT is a tool from AutoGPT Open Source. Used to enable everyone to use and build accessible AI. An information disclosure vulnerability exists in versions of AutoGPT prior to 0.6.1 that stems from the presence of cross-domain cookies and protected header disclosure in request redirects...

8.6 CVSS, 5.9 AI score, 0.00294 EPSS
Exploits: 1, References: 2
CNNVD
added 2025/04/14 12:0 a.m., 3 views

AutoGPT Code Issue Vulnerability

AutoGPT is a tool from AutoGPT Open Source. Used to enable everyone to use and build accessible AI. A code issue vulnerability exists in versions of AutoGPT prior to 0.6.1 that stems from a DNS rebinding issue in the request wrapper, which could lead to server-side request forgery...

7.5 CVSS, 6.7 AI score, 0.00218 EPSS
Exploits: 1, References: 3
CNNVD
added 2024/09/04 12:0 a.m., 1 views

sigstore-go Security Vulnerability

sigstore-go is a client library for Sigstore from the sigstore open source. A security vulnerability exists in sigstore-go versions prior to 0.6.1, which stems from the processing of maliciously constructed Sigstore Bundles containing massively verifiable data that can lead to excessive CPU...

7.5 CVSS, 6.3 AI score, 0.00219 EPSS
Exploits: 0, References: 7
CNNVD
added 2023/11/21 12:0 a.m., 4 views

ownCloud Security Breach

ownCloud is a personal cloud storage solution from the U.S.-based ownCloud, Inc. A security vulnerability exists in ownCloud oauth2 versions prior to 0.6.1, which stems from the ability to pass in a specially crafted redirect URL in the oauth2 application that bypasses authentication code and can...

8.7 CVSS, 7.1 AI score, 0.00058 EPSS
Exploits: 0, References: 3
OSV
added 2023/03/15 1:15 p.m., 2 views

CVE-2022-45155

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

5.5 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/12/27 12:0 a.m., 1 views

Rust Security Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of the Rust nanorand crate prior to 0.6.1, which stems from the fact that the same object can have multiple mutable references. No details of the vulnerability are current...

9.8 CVSS, 5.6 AI score, 0.00433 EPSS
Exploits: 0, References: 2