23170 matches found
CVE-2025-0343
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constrain...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constrain...
firefox: Compartment mismatch when parsing JavaScript JSON module
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...
Exploit for Cross-site Scripting in Automad
CVE-2024-40111: Stored Cross-Site Scripting XSS in Automad 2...
Exploit for Code Injection in Code-Projects Online_Car_Rental_System
Online Car Rental System Vulnerabilities This repository cont...
OESA-2025-1030 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
Unspecified Vulnerability in SonicWall SonicOS (CNVD-2025-01661)
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...
kernel security update
5.14.0-503.21.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
Responsive FileManager 安全漏洞
Responsive FileManager is a free open source file manager from the individual developer Alberto Peripolli. A security vulnerability exists in Responsive FileManager version 9.14.0, which stems from file uploads using svg and pdf extensions and is vulnerable to cross-site scripting attacks...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
CVE-2024-12805
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...
CVE-2024-12805
CVE-2024-12805 is a post-authentication format-string vulnerability in SonicOS management affecting SonicWall SonicOS devices. The issue, described in connected sources as a format string flaw, can allow a remote, authenticated attacker to crash the firewall and potentially achieve code execution...
firefox: Compartment mismatch when parsing JavaScript JSON module
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...
SonicWALL SonicOS 安全漏洞
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...
Fedora: Security Advisory (FEDORA-2024-ccdbd92d7b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48853: swiotlb: fix info leak with DMAFROMDEVICE bsc1228015. CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hcierrorreset bsc1222413...
CVE-2024-56455
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...
PT-2025-3300 · Unknown · 3D Engine Module
Name of the Vulnerable Software and Affected Versions: 3D engine module affected versions not specified Description: The issue concerns the vulnerability of input parameters not being verified during the loading of glTF models in the 3D engine module. Successful exploitation of this vulnerability...