75 matches found
CVE-2025-40933
creationtimestamp| type| source ---|---|--- 2025-09-17 15:09:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lz24jszhz62a 2025-09-17 16:55:09+00:00| seen| https://gist.github.com/Darkcrai86/998a31f20c5bf6bc073cb655f43337be...
GHSA-68R2-FWCG-QPM8
creationtimestamp| type| source ---|---|--- 2025-07-16 05:32:18+00:00| seen| https://gist.github.com/safer-bot/ac258bea45025717f0ed3e9461a069c2...
GHSA-RC2Q-X9MF-W3VF
creationtimestamp| type| source ---|---|--- 2025-07-16 03:56:59+00:00| seen| https://gist.github.com/safer-bot/0a516166b329057e81ec35ad6fb00e3b 2025-07-16 07:47:33+00:00| seen| https://gist.github.com/safer-bot/616a8b85e998ab57bb1c3128b073777f 2025-07-16 08:18:18+00:00| seen|...
CVE-2025-3046
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
Towards Understanding the Cognitive Habits of Large Reasoning Models
Large Reasoning Models LRMs, which autonomously produce a reasoning Chain of Thought CoT before producing final responses, offer a promising approach to interpreting and monitoring model behaviors. Inspired by the observation that certain CoT patterns -- e.g., "Wait, did I miss anything?'' --...
GO-2025-3619 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server...
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
Weblate 安全漏洞
Weblate is a Copyleft open source web-based continuous localization system for free software. A security vulnerability exists in Weblate versions prior to 5.11, which stems from the possibility that credentials in the code repository URL may be disclosed in plaintext...
GO-2025-3549 Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server
Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server...
GHSA-W32M-9786-JP63
creationtimestamp| type| source ---|---|--- 2025-02-25 19:44:55+00:00| seen| https://gist.github.com/ruokun-niu/25de36e2d9507c94536ff4058d807551...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
[SECURITY] Fedora 38 Update: libopenmpt-0.7.6-1.fc38
libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
[SECURITY] Fedora 39 Update: libopenmpt-0.7.6-1.fc39
libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
CVE-2023-47704
IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...
Error of computation break the LpTokens supply, causes users to lose funds and make functions using _getUtilityFinalLp() broken.
Lines of code Vulnerability details Impact withdrawGivenOutputAmount and withdrawGivenInputAmount functions doesn't revert when balance of tokenX/tokenY = 0 and create an offset between reserve tokens and LP total supply. This lead to unwanted behaviors for the next operations on the protocol...
[SECURITY] Fedora 37 Update: libopenmpt-0.6.11-1.fc37
libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...
CVE-2023-36817 The King's Temple Church website Leaked Stripe API Key in Public Code Repository
tktchurch/website contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized...
Using memory instead of storage in 'redeemPositions' will result in incorrect LP Balance
Lines of code Vulnerability details Impact This bug could lead to a situation where a user can 'redeem' their positions without the associated liquidity positions LPs being properly reset. This could result in the user being able to artificially inflate their LP balance, which could lead to...
CVE-2023-23762 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...