23090 matches found

OSV
added 2025/08/14 6:52 p.m. (1 view)

MAL-2025-20789 Malicious code in format-text (npm)

The package format-text was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. (5 views)

MAL-2025-30742 Malicious code in prompts-auth-oauth-markdown-pdf (npm)

The package prompts-auth-oauth-markdown-pdf was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. (3 views)

MAL-2025-27361 Malicious code in new-format (npm)

The package new-format was found to contain malicious code...

7.2 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. (3 views)

Malicious code in @zalastax/nolb-json-x (npm)

The package @zalastax/nolb-json-x was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. (1 view)

MAL-2025-34115 Malicious code in style-format (npm)

The package style-format was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. (2 views)

MAL-2025-15528 Malicious code in bb-babelfish-format (npm)

The package bb-babelfish-format was found to contain malicious code...

7.2 AI score
Exploits: 0

NVD
added 2025/08/14 1:15 p.m. (5 views)

CVE-2025-8714

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected...

8.8 CVSS, 0.00709 EPSS
Exploits: 1, References: 1

Snyk
added 2025/08/14 1:0 p.m. (2 views)

Inclusion of Functionality from Untrusted Control Sphere

Overview: Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere when restoring from a plain-text dump file. An attacker can embed malicious psql meta-commands into dump files generated by pg_dump --format=plain, pg_dumpall, or pg_restore --file...

8.8 CVSS, 7.7 AI score, 0.00709 EPSS
Exploits: 1, References: 2

CVE
added 2025/08/14 1:0 p.m. (116 views)

CVE-2025-8714

CVE-2025-8714 affects PostgreSQL (and variants in related advisories) via Untrusted data inclusion in pg_dump, pg_dumpall, and pg_restore, allowing a malicious superuser to inject code during restore as the client OS account running psql. The issue arises from processing psql meta-commands in dum...

8.8 CVSS, 7.6 AI score, 0.00709 EPSS
Exploits: 1, References: 1

Packet Storm News
added 2025/08/14 12:0 a.m. (2 views)

Data and Context Matter: Towards Generalizing AI-Based Software Vulnerability Detection

The performance of AI-based software vulnerability detection systems is often limited by their poor generalization to unknown codebases. In this research, we explore the impact of data quality and model architecture on the generalizability of vulnerability detection systems. By generalization we...

6.9 AI score
Exploits: 0

OpenVAS
added 2025/08/14 12:0 a.m. (5 views)

SUSE: Security Advisory (SUSE-SU-2025:02770-1)

The remote host is missing an update for the ...

7.8 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits: 2, References: 6

OpenVAS
added 2025/08/14 12:0 a.m. (3 views)

SUSE: Security Advisory (SUSE-SU-2025:02771-1)

The remote host is missing an update for the ...

7.8 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits: 2, References: 5

Cvelist
added 2025/08/13 11:23 p.m. (8 views)

CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

6.5 CVSS, 0.00311 EPSS
Exploits: 0, References: 2

OSV
added 2025/08/13 11:23 p.m. (5 views)

CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

6.5 CVSS, 6.4 AI score, 0.00311 EPSS
Exploits: 0, References: 4

NVD
added 2025/08/13 11:15 p.m. (7 views)

CVE-2025-55197

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7 CVSS, 0.00408 EPSS
Exploits: 0, References: 5

NVD
added 2025/08/13 9:15 p.m. (7 views)

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory, specifically WSACleanup from Ws2_32.dll...

9.3 CVSS, 0.01993 EPSS
Exploits: 0, References: 5

CVE
added 2025/08/13 8:51 p.m. (17 views)

CVE-2011-10010

The CVE-2011-10010 entry affects QuickShare File Server 1.2.1 and describes a path traversal flaw in the FTP service caused by improper sanitation of user-supplied file paths. Authenticated users can submit crafted sequences to access/write files outside the virtual directory, and when the Writab...

9.4 CVSS, 8.3 AI score, 0.01485 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2025/08/13 8:51 p.m. (3 views)

CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

9.4 CVSS, 8.3 AI score, 0.01485 EPSS
Exploits: 0, References: 6

CVE
added 2025/08/13 8:33 p.m. (22 views)

CVE-2012-10055

CVE-2012-10055 affects ComSndFTP FTP Server v1.3.7 Beta. The vulnerability is a format-string flaw in the handling of the USER command that can overwrite a hardcoded function pointer (WSACleanup from Ws2_32.dll) in memory, enabling an attacker to redirect control flow and bypass DEP via a ROP cha...

9.3 CVSS, 8.3 AI score, 0.01993 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2025/08/13 8:33 p.m. (3 views)

CVE-2012-10055 ComSndFTP v1.3.7 Beta USER Format String RCE

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory, specifically WSACleanup from Ws2_32.dll...

9.3 CVSS, 8.3 AI score, 0.01993 EPSS
Exploits: 0, References: 5