23146 matches found

RedHat Linux
added 2025/03/24 5:53 p.m., 2 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

CVSS 8.8 | AI score 7.6 | EPSS 0.00465
Exploits 0 | References 6
RedHat Linux
added 2025/03/24 2:13 p.m., 3 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

CVSS 8.8 | AI score 7.6 | EPSS 0.00465
Exploits 0 | References 6
RedHat Linux
added 2025/03/24 10:53 a.m., 2 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

CVSS 8.8 | AI score 7.6 | EPSS 0.00465
Exploits 0 | References 6
SUSE Linux
added 2025/03/24 9:51 a.m., 4 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 6.5 | AI score 7.4 | EPSS 0.00465
Exploits 0 | References 4
OSV
added 2025/03/24 9:41 a.m., 2 views

SUSE-SU-2025:20156-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)...

CVSS 8.8 | AI score 7.1 | EPSS 0.00465
Exploits 0 | References 3
BDU FSTEC
added 2025/03/24 12:00 a.m., 5 views

A vulnerability in the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c of the Linux kernel allows an attacker to compromise the confidentiality, integrity and availability of protected information.

The vulnerability in the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c of the Linux kernel is caused by unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 7.8 | AI score 7.2 | EPSS 0.00327
Exploits 0 | References 29 | Affected Software 6
BDU FSTEC
added 2025/03/24 12:00 a.m., 15 views

A vulnerability in the Siemens Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment for modelling systems and processes is an out-of-bounds read (reading data beyond a buffer in memory). It allows attackers to execute arbitrary code.

The vulnerability in the Siemens Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation simulation software environment is caused by reading data beyond buffer boundaries in memory. Exploiting this vulnerability can allow attackers to execute arbitrary...

CVSS 7.8 | AI score 6.2 | EPSS 0.00152
Exploits 0 | References 3 | Affected Software 2
CNNVD
added 2025/03/24 12:00 a.m., 4 views

Mattermost Mobile Apps security vulnerability

Mattermost Mobile Apps is a mobile messaging application from Mattermost (USA). A denial of service vulnerability exists in Mattermost Mobile Apps version 2.25.0. It stems from an improperly validated GIF image and can be exploited by an attacker to crash the Android application via a message...

CVSS 6.5 | AI score 6.6 | EPSS 0.00346
Exploits 0 | References 3
BDU FSTEC
added 2025/03/24 12:00 a.m., 5 views

A vulnerability in the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c of the Linux kernel allows an attacker to compromise the confidentiality, integrity and availability of protected information.

The vulnerability in the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c of the Linux kernel is caused by unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 7.8 | AI score 7.2 | EPSS 0.00272
Exploits 0 | References 25 | Affected Software 6
OSV
added 2025/03/21 3:15 p.m., 5 views

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self-sign an ODF document with a signature untrusted by the target, then modify it to change the signature algorithm to one that is invalid or unknown to LibreOffice, and LibreOffice would incorrectly present...

CVSS 5.5 | AI score 6.8 | EPSS 0.00135
Exploits 0 | References 1
OSV
added 2025/03/21 1:18 p.m., 3 views

OESA-2025-1313 libarchive security update

libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security...

CVSS 7.8 | AI score 7.1 | EPSS 0.00329
Exploits 1 | References 2
Snyk
added 2025/03/20 12:32 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: open-webui is the Python package for Open WebUI. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the api/v1/utils/code/format endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a...

CVSS 8.7 | AI score 7 | EPSS 0.00879
Exploits 2 | References 2
GithubExploit
added 2025/03/20 12:02 p.m., 90 views

2025-25427

It is an offensive tool for Linux. The repository slin99/2025-25...

AI score 6.9
Exploits 0
OSV
added 2025/03/20 11:19 a.m., 4 views

CLSA-2025-1742469561 kernel: Fix of 19 CVEs

net: defer final 'struct net' free in netns dismantle CVE-2024-56658 - smb: client: fix potential deadlock when releasing mids CVE-2023-52757 - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). CVE-2024-50154 - ALSA: 6fire: Release resources at card release CVE-2024-53239 - smb: client: fix...

CVSS 7.8 | AI score 7.3 | EPSS 0.00809
Exploits 0 | References 1
Snyk
added 2025/03/20 10:48 a.m., 2 views

Division by zero

Overview: Affected versions of github.com/ollama/ollama/llm are vulnerable to Division by zero when handling an invalid unknown.block_count type in a Modelfile. An attacker can cause the application to crash by importing a malicious GGUF. Remediation: Upgrade github.com/ollama/ollama/llm to version 0.6.3-rc1 or...

CVSS 8.7 | AI score 6.9 | EPSS 0.00589
Exploits 1 | References 2
CNNVD
added 2025/03/20 12:00 a.m., 5 views

ChuanhuChatGPT security vulnerability

ChuanhuChatGPT is an application that provides a lightweight, easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A denial of service vulnerability exists in ChuanhuChatGPT version 20240918, which can be exploited by an attacker to cause the system to...

CVSS 7.5 | AI score 6.6 | EPSS 0.0067
Exploits 1 | References 1
CNNVD
added 2025/03/20 12:00 a.m., 5 views

AnythingLLM security vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in version 6dc3642 of AnythingLLM: an unauthenticated denial of service in the API embedded in the chat functionality allows an attacker to crash the server by...

CVSS 7.5 | AI score 7.5 | EPSS 0.0064
Exploits 1 | References 2
SUSE Linux
added 2025/03/19 4:12 p.m., 1 view

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 6.5 | AI score 8.1 | EPSS 0.00465
Exploits 0 | References 4
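The Jinja entries above (the RedHat, SUSE and OSV records for CVE-2025-27516) all describe the same mechanism: the sandbox restricts str.format, but the |attr filter handed a template the raw format method without the sandbox seeing the lookup. The block below is an added, simplified model of that bug class written for this page; it is not Jinja's code and does not reproduce its sandbox. MiniSandbox, SandboxedFormatter, the two attr_filter_* functions and the Secret class are all constructed for the illustration. The "bypassing" filter uses the builtin getattr and so returns unrestricted str.format, whose replacement fields can walk attributes; the "routed" filter goes through the sandbox's own lookup and gets the restricted formatter instead. The format string used here only reads a class name, to show the attribute walk, not a code-execution chain.

```python
"""Model of the CVE-2025-27516 bug class: a sandbox check on str.format that one
lookup path skips. Added illustration, not Jinja code; all names are constructed."""
import string


class SandboxedFormatter(string.Formatter):
    """Formatter that refuses attribute and item access inside replacement fields.

    Plain ``str.format`` resolves ``{0.attr}`` and ``{0[key]}`` on the argument,
    which is what a sandbox must not let a template author do.
    """

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise PermissionError(
                f"access to {field_name!r} is not allowed in a format field")
        return super().get_field(field_name, args, kwargs)


class MiniSandbox:
    """The one part of a template sandbox that matters here: attribute lookup."""

    def getattr(self, obj, name):
        if name.startswith("_"):
            raise PermissionError(f"private attribute {name!r} is not accessible")
        value = getattr(obj, name)
        if isinstance(obj, str) and name == "format":
            # Hand back a wrapper so the format string is interpreted by the
            # restricted formatter instead of the real str.format.
            return lambda *args, **kwargs: SandboxedFormatter().vformat(obj, args, kwargs)
        return value


def attr_filter_bypassing(env, obj, name):
    """Models an |attr filter that calls the builtin getattr directly.

    The sandbox never sees the lookup, so a template gets unrestricted str.format.
    """
    return getattr(obj, name)


def attr_filter_routed(env, obj, name):
    """Models an |attr filter routed through the environment's own lookup."""
    return env.getattr(obj, name)


class Secret:
    """Constructed sample value that a template might be handed."""
    token = "hunter2"


def render_with(attr_filter):
    """Rough equivalent of ``{{ "{0.__class__.__name__}"|attr("format")(secret) }}``.

    Returns the rendered text, or "blocked" if the sandbox refused it.
    """
    env = MiniSandbox()
    fmt = attr_filter(env, "{0.__class__.__name__}", "format")
    try:
        return fmt(Secret())
    except PermissionError:
        return "blocked"


if __name__ == "__main__":
    print("builtin getattr path:", render_with(attr_filter_bypassing))  # Secret
    print("sandbox getattr path:", render_with(attr_filter_routed))     # blocked
```

The practical takeaway matches the advisories: the check is only as good as the narrowest path around it, and a filter or helper that reaches for the builtin getattr instead of the environment's lookup silently removes it. The fix shipped in Jinja 3.1.6; until a deployment is on that version, template content from untrusted authors should be treated as code, sandbox or not.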
OSV
added 2025/03/19 10:10 a.m., 11 views

CLSA-2025-1742379028 Fix CVE(s): CVE-2024-11168, CVE-2024-4032, CVE-2025-0938

SECURITY UPDATE: Improper validation of bracketed hosts in urllib - debian/patches/CVE-2024-11168.patch: add checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format - CVE-2024-11168 SECURITY UPDATE: Incomplete validation of bracketed hosts in urllib -...

CVSS 7.5 | AI score 6.8 | EPSS 0.01499
Exploits 0 | References 1
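The urllib entry above states the check the CVE-2024-11168 patch adds: a bracketed host returned by urlsplit must be an IPv6 literal or an RFC 3986 IPvFuture literal, nothing else. The block below is an added example for this page, not CPython's patch, that applies the same rule explicitly so a service gets the same answer whether or not the interpreter it runs on already carries the fix. The functions check_bracketed_host, strict_hostname and is_safe_url and the regular expression are constructed here; the rule is the one the advisory describes, plus a rejection of text before or after the brackets (the incomplete-validation case named by CVE-2025-0938 in the same entry).

```python
"""Explicit validation of bracketed hosts in URL authorities.
Added example, not CPython's own code; helper names are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"\Av[0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+\Z")


def check_bracketed_host(inner: str) -> None:
    """Validate the text between '[' and ']' of a URL authority.

    Accepts an IPv6 literal or an IPvFuture literal and raises ValueError for
    anything else: hostnames, bracketed IPv4 addresses, empty brackets.
    """
    if inner[:1] in ("v", "V"):
        if not _IPVFUTURE.match(inner):
            raise ValueError(f"invalid IPvFuture literal: {inner!r}")
        return
    try:
        ipaddress.IPv6Address(inner)  # rejects IPv4 dotted quads and names
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"bracketed host is not an IPv6 literal: {inner!r}") from exc


def strict_hostname(url: str) -> str:
    """Return the host of url, raising ValueError on a malformed bracketed host.

    Patched CPython releases raise inside urlsplit() themselves; repeating the
    check here makes the outcome independent of the interpreter version.
    """
    netloc = urlsplit(url).netloc           # may already raise on patched Pythons
    authority = netloc.rpartition("@")[2]   # drop userinfo
    if not authority.startswith("["):
        if "[" in authority or "]" in authority:
            raise ValueError("brackets are only allowed around an IP literal")
        return authority.partition(":")[0]
    end = authority.find("]")
    if end < 0:
        raise ValueError("unterminated IPv6 literal")
    inner, rest = authority[1:end], authority[end + 1:]
    if rest and not re.fullmatch(r":\d*", rest):
        raise ValueError(f"unexpected text after bracketed host: {rest!r}")
    check_bracketed_host(inner)
    return inner


def is_safe_url(url: str) -> bool:
    """True if the URL's authority passes strict_hostname()."""
    try:
        strict_hostname(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: two well-formed literals and three that must be rejected.
    for candidate in ("http://[::1]:8080/", "http://[v1.fe80::a+en1]/",
                      "http://[evil.example]/", "http://[127.0.0.1]/",
                      "http://evil.example[::1]/"):
        print(f"{candidate:32} safe={is_safe_url(candidate)}")
```

Where this matters is any allow-list or SSRF guard that compares the parsed host against an expected set: an unvalidated bracketed host can parse as one thing in Python and be resolved as another by the HTTP client or proxy behind it, so reject anything in brackets that is not an IP literal before the comparison rather than after.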
CNNVD
added 2025/03/19 12:00 a.m., 2 views

WhatsApp security vulnerability

WhatsApp is a suite of mobile applications from the American company WhatsApp that transmits text messages over the Internet. The application uses the contact information on a smartphone to find other users of the software and exchange text, images, and more with them. A security vulnerability exists in...

CVSS 3.5 | AI score 6.4 | EPSS 0.00236
Exploits 0 | References 2