CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

AlmaLinux 9 : perl-FCGI (ALSA-2025:8635)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:8635 advisory. perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library CVE-2025-40907 Tenable has extracted the...

CVE-2024-47081 Requests vulnerable to .netrc credentials leak via malicious URLs

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be...

CVE-2024-47877

Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you're using the Extractor.FS interface, then upgrading to /v4...

CVE-2023-44378

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...

CVE-2023-38699

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...

CVE-2021-41150

Tough provides a set of Rust libraries and tools for using and generating the update framework TUF repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is...

CVE-2019-19391

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...

LibVulnWatch: a Deep Assessment Agent System and Leaderboard for Uncovering Hidden Vulnerabilities in Open-Source AI Libraries

Open-source AI libraries are foundational to modern AI systems but pose significant, underexamined risks across security, licensing, maintenance, supply chain integrity, and regulatory compliance. We present LibVulnWatch, a graph-based agentic assessment framework that performs deep,...

RLSA-2024:4249 Low: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVE-2025-46237

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yannick Lefebvre Link Library link-library allows Stored XSS.This issue affects Link Library: from n/a through = 7.8...

PT-2025-21910 · Crates.Io · Macroquad

Several soundness issues have been reported. Resolving them doesn't seem to be considered a priority. In particular, unprincipled use of mutable statics is pervasive throughout the library, making it possible to cause use-after-free in safe code. Currently, no fixed version is available...

ALSA-2025:3913 Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

openSUSE 15 Security Update : doomsday (openSUSE-SU-2025:0117-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2025:0117-1 advisory. - CVE-2025-2592: Use system assimp library to fix a heap-based buffer overflow boo1239917 Tenable has extracted the preceding description block directly...

ALSA-2025:3531 Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

CVE-2024-5565

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

CVE-2024-54541

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data...

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

CVE-2025-0395

When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size...

Moderate: Red Hat Security Advisory: gtk3 security update

An update for gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...