23146 matches found
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:20156-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879...
The vulnerability of the cm_helper_translate_curve_to_degamma_hw_format() function in the drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c file of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the cmhelpertranslatecurvetodegammahwformat function in the drivers/gpu/drm/amd/display/dc/dcn10/dcn10cmcommon.c file of the Linux kernel is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of Siemens Teamcenter Visualization’s lifecycle management system and Siemens Tecnomatix Plant Simulation’s software environment for modeling systems and processes lies in the reading of data beyond the buffer in memory. This allows attackers to execute arbitrary code.
The vulnerability of Siemens Teamcenter Visualization’s lifecycle management system and Siemens Tecnomatix Plant Simulation’s simulation software environment is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to execute arbitrary...
Mattermost Mobile Apps 安全漏洞
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A denial of service vulnerability exists in Mattermost Mobile Apps version 2.25.0, which stems from an improperly validated GIF image, and can be exploited by an attacker to crash an Android application via a message...
The vulnerability of the cm3_helper_translate_curve_to_degamma_hw_format() function in the drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c file of the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the cm3helpertranslatecurvetodegammahwformat function in the drivers/gpu/drm/amd/display/dc/dcn30/dcn30cmcommon.c file of the Linux kernel is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
CVE-2021-25635
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
OESA-2025-1313 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
Allocation of Resources Without Limits or Throttling
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the api/v1/utils/code/format endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a...
2025-25427
It is an offensive tool for Linux. The repository slin99/2025-25...
CLSA-2025-1742469561 kernel: Fix of 19 CVEs
net: defer final 'struct net' free in netns dismantle CVE-2024-56658 - smb: client: fix potential deadlock when releasing mids CVE-2023-52757 - tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 - ALSA: 6fire: Release resources at card release CVE-2024-53239 - smb: client: fix...
Division by zero
Overview Affected versions of this package are vulnerable to Division by zero when handling an invalid unknown.blockcount type in a Modelfile. An attacker can cause the application to crash by importing a malicious GGUF. Remediation Upgrade github.com/ollama/ollama/llm to version 0.6.3-rc1 or...
ChuanhuChatGPT 安全漏洞
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A denial of service vulnerability exists in ChuanhuChatGPT version 20240918, which can be exploited by an attacker to cause the system to...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in version 6dc3642 of AnythingLLM, which stems from an unauthenticated denial of service in the API embedded in the chat functionality, which allows an attacker to cause the server to crash by...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
CLSA-2025-1742379028 Fix CVE(s): CVE-2024-11168, CVE-2024-4032, CVE-2025-0938
SECURITY UPDATE: Improper validation of bracketed hosts in urllib - debian/patches/CVE-2024-11168.patch: add checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format - CVE-2024-11168 SECURITY UPDATE: Incomplete validation of bracketed hosts in urllib -...
WhatsApp 安全漏洞
WhatsApp is a suite of mobile applications from WhatsApp, an American company that uses the Internet to transmit text messages. The application uses contact information in a smartphone to find contacts using the software to transmit text, images, and more. A security vulnerability exists in...