575 matches found
EUVD-2024-54839
Malicious code in bioql PyPI...
EUVD-2022-7457
Malicious code in bioql PyPI...
EUVD-2023-39916
Malicious code in bioql PyPI...
EUVD-2023-39175
Malicious code in bioql PyPI...
RLSA-2025:9063 Moderate: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: checksec, cloud-provider-aws, lvm-driver, gostatsd, shfmt, confluent-common-docker, blobfuse2, mongodb-kubernetes-operator, docker-credential-ecr-login, secrets-store-csi-driver-provider-aws, ctop, linkerd2-proxy-init, vault-benchmark, terraform-provider-time,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: checksec, cloud-provider-aws, lvm-driver, gostatsd, shfmt, confluent-common-docker, blobfuse2, mongodb-kubernetes-operator, docker-credential-ecr-login, secrets-store-csi-driver-provider-aws, ctop, linkerd2-proxy-init, vault-benchmark, terraform-provider-time,...
GO-2025-3926 Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness
Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness...
GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read
Summary: An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...
CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass
Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that...
CVE-2025-58158
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, the Open Source Harness git LFS server Gitness exposes an API to retrieve and upload files via git LFS. Implementation ...
GHSA-W469-HJ2F-JPR5 Harness Allows Arbitrary File Write in Gitness LFS server
Impact: Open Source Harness git LFS server Gitness exposes an API to retrieve and upload files via git LFS. The implementation of the git LFS file upload API is vulnerable to arbitrary file write. Due to improper sanitization of the upload path, a malicious authenticated user who has access to Harness Gitness...
Linux Distros Unpatched Vulnerability : CVE-2020-10081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS...
Linux Distros Unpatched Vulnerability : CVE-2021-21237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file ...
The vulnerability of the MFlash secure data exchange platform, related to authentication errors, allows attackers to escalate their privileges.
The vulnerability of the MFlash secure data exchange platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to escalate their privileges and use the file storage system beyond its architectural limitations by intercepting API responses...
RLSA-2025:9060 Moderate: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)...
Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
CVE-2025-40593
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0. The affected application allows the device to be controlled by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition...
org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files
A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...