2819 matches found
Malicious code in web-api-mongodb-connection-factory (npm)
The package web-api-mongodb-connection-factory was found to contain malicious code...
Malicious code in crypto-cookie-factory (npm)
The package crypto-cookie-factory was found to contain malicious code...
Malicious code in tally-factory (npm)
The package tally-factory was found to contain malicious code...
Malicious code in promise-mongodb-connection-factory (npm)
The package promise-mongodb-connection-factory was found to contain malicious code...
MAL-2025-38965 Malicious code in web-api-mongodb-connection-factory (npm)
The package web-api-mongodb-connection-factory was found to contain malicious code...
MAL-2025-9238 Malicious code in @pmm/keycloak-factory (npm)
The package @pmm/keycloak-factory was found to contain malicious code...
MAL-2025-30734 Malicious code in promise-mongodb-connection-factory (npm)
The package promise-mongodb-connection-factory was found to contain malicious code...
MAL-2025-17733 Malicious code in crypto-cookie-factory (npm)
The package crypto-cookie-factory was found to contain malicious code...
MAL-2025-34405 Malicious code in tally-factory (npm)
The package tally-factory was found to contain malicious code...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FurySerializerFactory class, which handles serialized data. An attacker can execute arbitrary code by submitting crafted input to the affected component. Details: Serialization is a process of...
Deserialization of Untrusted Data
Overview: llamafactory is an easy-to-use LLM fine-tuning framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the Checkpoint path parameter in the WebUI interface during the training process. An attacker can exploit this vulnerability by supplying a...
CVE-2025-8286
CVE-2025-8286 affects Güralp FMUS series seismic monitoring devices. The vulnerability is an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. Affected products are exposed via a networ...
FlashMQ Security Vulnerability
FlashMQ is a fast and lightweight MQTT proxy server by Wiebe Cazemier. A security vulnerability exists in FlashMQ version 1.14.0, which stems from an assertion failure in the PublishCopyFactory::getNewPublish function, triggered when the QoS value of the publish object is greater than zero...
CVE-2025-54415
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415 dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when...
CVE-2025-54415
CVE-2025-54415 affects the dag-factory project (Apache Airflow) for versions ≤ 0.23.0a8. The vulnerability lies in the cicd.yml workflow configured in the astronomer/dag-factory GitHub repository, which, when triggered by pull_request_target, can be exploited to execute arbitrary code in the GitH...
dag-factory OS Command Injection Vulnerability
dag-factory is an open-source library from Astronomer for building Apache Airflow DAGs. An operating system command injection vulnerability exists in dag-factory 0.23.0a8 and earlier versions, which stems from a misconfiguration of the cicd.yml workflow and could lead to arbitrary code execution...