81 matches found
GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...
EUVD-2021-19538
Malware in sbrugna...
EUVD-2021-2079
Malware in sbrugna...
EUVD-2022-7365
Malicious code in bioql PyPI...
GCVE-1-2025-0004
| creation_timestamp | type | source |
|---|---|---|
| 2025-09-25 18:52:48+00:00 | seen | https://social.circl.lu/users/cedric/statuses/115266444798808086 |
| 2025-09-25 20:05:27+00:00 | patched | https://github.com/vulnerability-lookup/vulnerability-lookup/commit/afa12347f1461d9481eba75ac19897e80a9c7434... |
CVE-2025-39878 ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error. The function move_dirty_folio_in_page_array was created by commit ce80b76dd327 "ceph: introduce ceph_process_folio_batch method" by moving code from ceph_writepages_start to this...
SUSE CVE-2025-52889
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13 generate nftables rules for local services (DHCP, DNS...) that partially bypass the security options security.mac_filtering, security.ipv4_filtering and...
CVE-2025-49014
CVE-2025-49014 : A heap use-after-free in jq 1.8.0 affects the function f_strflocaltime in /src/builtin.c. The issue is acknowledged as patched in commit 499c91bca9d4d027833bc62787d1bb075c03680e, with no known fixed version at publication. Connected sources corroborate the vulnerability in jq and...
CVE-2025-52467
CVE-2025-52467 affects the pgai Python library that converts PostgreSQL into a retrieval engine for RAG/Agentic apps. The issue enables exfiltration of secrets used in a workflow, notably the GITHUB_TOKEN with write permissions, allowing an attacker to tamper with the repository (e.g., push code/...
PT-2025-17856 · Mediawiki · Managewiki
Name of the Vulnerable Software and Affected Versions: ManageWiki versions prior to commit 2f177dc
Description: The issue concerns a reflected or stored XSS vulnerability in the review dialog of ManageWiki, a MediaWiki extension. An attacker with a logged-in session can exploit this by modifying ...
PT-2025-17465 · Adept · Adept
Name of the Vulnerable Software and Affected Versions: Adept versions prior to commit a1a41b7
Description: The issue concerns the exposure of the GITHUB_TOKEN in the Adept language workflow. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the...
SUSE CVE-2023-1829
A use-after-free vulnerability in the Linux kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later...
CVE-2025-23044 Cross-Site Request Forgery (CSRF) allows creating admin account with POST request
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...
UBUNTU-CVE-2022-48902
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON if we have PageError set. Whenever we do any extent buffer operations we call assert_eb_page_uptodate to complain loudly if we're operating on a non-uptodate page. Our overnight tests caught this warning earlier...
PT-2024-40034 · Ez Systems · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy, affected versions not specified
Description: The issue concerns a vulnerability in eZ Publish Legacy that could lead to XSS injection in certain configurations, particularly when all modules are disabled. This vulnerability...
GHSA-558H-MQ8X-7Q9G TensorFlow has Null Pointer Error in SparseSparseMaximum
Impact: When SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. The advisory's reproducer (brackets and underscores restored from the garbled listing; it deliberately passes an empty b_indices to trigger the crash):

```python
import tensorflow as tf

tf.raw_ops.SparseSparseMaximum(
    a_indices=[[1]],
    a_values=[0.1],
    a_shape=[2],
    b_indices=[[]],   # empty indices: the invalid input that triggers the null pointer dereference
    b_values=[2],
    b_shape=[2],
)
```

Patches: We have patched the issue in GitHub commit...
SUSE CVE-2020-15190
In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...
SUSE CVE-2021-37691
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...
SUSE CVE-2022-36002
TensorFlow is an open source platform for machine learning. When Unbatch receives a nonscalar input id, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow...
PT-2022-26133 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11; TensorFlow version 2.10.1; TensorFlow version 2.9.3; TensorFlow version 2.8.4
Description: TensorFlow is an open source platform for machine learning. An input sparse matrix that is not a matrix with a shape wi...