3601 matches found
CVE-2025-21607
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...
Vyper Does Not Check the Success of Certain Precompile Calls
Summary: When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...
Vyper Security Vulnerability
Vyper is a Pythonic smart contract language for the EVM, open-sourced by vyperlang. A security vulnerability exists in Vyper 0.4.0 and earlier versions, which stems from the compiler failing to check the success flag of a call when using the EcRecover and Identity precompiles, which could lead to incorre...
Exploit for Improper Initialization in Linux Linux_Kernel
It is an offensive tool for Linux. The repository appears to be...
Arbitrary Code Execution
Jinja is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling in the compiler caused by a bug that allows an attacker controlling both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used...
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
The `VariantStrIter::impl_get` function called internally by implementations of the `Iterator` and `DoubleEndedIterator` traits for this type was unsound, resulting in undefined behaviour. An immutable reference `&p` to a `*mut libc::c_char` pointer initialized to NULL was passed as an argument to a C functio...
Jinja Security Vulnerability
Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from a compiler bug that allows an attacker who has control over both the template content and filename to execute arbitrary Python cod...
Amazon Linux 2022 : libsepol, libsepol-devel, libsepol-static (ALAS2022-2022-030)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-030 advisory. The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084) The CIL compiler in SELinux 3.2 has a...
Malicious code in plugin-compiler-bytedance (npm)
MAL-2024-11421 Malicious code in plugin-compiler-bytedance (npm)
Malicious code in complier (npm)
MAL-2024-11333 Malicious code in complier (npm)
MAL-2024-11332 Malicious code in compilre (npm)
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the `VmFd::create_device` function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its `struct kvm_create_device` argument to an immutabl...
vue-i18n has cross-site scripting vulnerability with prototype pollution
Vulnerability type: XSS. Description: vue-i18n can be passed locale messages to createI18n or useI18n. We can then translate them using t and $t. vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST. In order to maximize the performance of the translation...
CVE-2024-44308
A vulnerability was discovered in WebKitGTK's JIT compiler. Processing maliciously crafted web content may lead to arbitrary code execution. Mitigation: Affected installations of Red Hat Enterprise Linux 7 can disable the JIT engine by setting the JavaScriptCoreUseJIT environment variable to 0...
Intel oneAPI Base Toolkit < 2024.2.0 Multiple Vulnerabilities
Multiple vulnerabilities exist in Intel oneAPI Base Toolkit versions prior to 2024.2.0. See vendor advisory for more details. - Uncontrolled search path for some Intel® Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of...
[SECURITY] Fedora 41 Update: llvm-test-suite-19.1.0-4.fc41
C/C++ Compiler Test Suite that is maintained as an LLVM sub-project. This test suite can be run with any compiler, not just clang...
[SECURITY] Fedora 40 Update: llvm-test-suite-18.1.8-3.fc40
C/C++ Compiler Test Suite that is maintained as an LLVM sub-project. This test suite can be run with any compiler, not just clang...
Ubuntu: Security Advisory (USN-7109-1)
The remote host is missing an update for the...