2626 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
USN-7886-1: Python vulnerabilities
It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. CVE-2025-6075 Caleb Brown discovered that Python incorrectly handled the ZIP64 End ...
Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable
Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
CVE-2025-63604
A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...
CVE-2025-6075
A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...
TencentOS Server 4: grafana-pcp (TSSA-2025:0833)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0833 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics
Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...
Astra Linux – Vulnerability in mtr
In certain privileged contexts, mtr improperly handles the execution of a program specified by the MTRPACKET environment variable. NOTE: On macOS, mtr may often be subject to sudo rules, as a result of Homebrew not installing setuid binaries...
AZL-69628 CVE-2025-6075 affecting package python3 for versions less than 3.12.9-6
If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...
UBUNTU-CVE-2025-6075
If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...
CVE-2025-6075
CVE-2025-6075 affects Python’s os.path.expandvars() with user-controlled input, causing potential performance degradation during environment variable expansion. Connected advisories confirm this affects multiple Python versions and distributions, with patches available: Debian LTS DLA-4445-1 (pyt...
CPython 安全漏洞
CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython versions prior to 3.15.0, which stems from a user-controllable value passed to os.path.expandvars that could lead to degraded environment variable expansion performance...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path that are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...
n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...
GHSA-XGP7-7QJQ-VG47 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...