2678 matches found
CVE-2024-10031
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...
CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
PT-2025-29966 · Unknown +1 · Goldendict +1
Name of the Vulnerable Software and Affected Versions: GoldenDict versions 1.5.0 through 1.5.1 Description: GoldenDict versions 1.5.0 and 1.5.1 contain a dangerous method that allows reading and modifying files. This occurs when a user adds a crafted dictionary and then searches for any term...
CVE-2025-53964
Removed by vendor...
CVE-2024-10031
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...
SUSE SLES12 Security Update : perl-YAML-LibYAML (SUSE-SU-2025:01885-2)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:01885-2 advisory. - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified bsc1243902 Tenable has extracted the...
PT-2025-29286
Name of the Vulnerable Software and Affected Versions: Multipass versions up to and including 1.15.1 Description: Incorrect default permissions in Canonical Multipass on macOS allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daem...
SUSE-SU-2025:01885-2 Security update for perl-YAML-LibYAML
This update for perl-YAML-LibYAML fixes the following issues: - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified bsc1243902...
USN-7626-2: Git regression
USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Git vulnerabilities (USN-7626-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7626-1 advisory. Avi Halachmi discovered that Git incorrectly managed file modification constraints with...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
CVE-2025-43001
CVE-2025-43001 describes a privilege-escalation flaw in SAPCAR. An attacker with high privileges can override the permissions of the current and parent directories when extracting archives, enabling modification of critical files by tampering with signed archives without breaking signatures. The ...
PT-2025-28390 · Unknown · Tia Administrator
Name of the Vulnerable Software and Affected Versions: TIA Administrator versions prior to V3.0.6 Description: A vulnerability has been identified in the affected application, allowing low-privileged users to trigger installations by overwriting cache files and modifying the download path. This...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
Medium: perl-YAML-LibYAML
Issue Overview: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified CVE-2025-40908 Affected Packages: perl-YAML-LibYAML Issue Correction: Run dnf update perl-YAML-LibYAML --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1036...
ALSA-2025:9330 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
ALSA-2025:9329 Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...
Important: perl-YAML-LibYAML security update
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...