141 matches found
[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42
This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...
EUVD-2017-11170
Malware in sbrugna...
EUVD-2019-5842
Malware in sbrugna...
EUVD-2020-0159
Malware in sbrugna...
PT-2025-40803
Name of the Vulnerable Software and Affected Versions ZenML version 0.83.1 Description The software contains a path traversal issue in the PathMaterializer class. The load function uses is path within directory to validate files during data.tar.gz extraction, which does not properly detect symbol...
Security update for gdk-pixbuf
This update for gdk-pixbuf fixes the following issues: CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak bsc1245227 CVE-2025-7345: Fixed heap buffer overflow within the gdkpixbufjpegimageloadincrement function bsc1246114 Patch Instructions: To install this SUSE...
Linux Distros Unpatched Vulnerability : CVE-2024-28578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Load function when reading image...
PT-2025-23901 · Radare2 · Radare2
Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A problematic vulnerability was found in the function cons stack load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack must...
Deserialization of Untrusted Data
Overview pypickle is a pypickle is a Python library to save and load variables in pickle files. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the load function. An attacker can manipulate serialized objects to execute arbitrary code by supplying...
PYSEC-2025-45
A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to th...
CVE-2025-5173
A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...
CVE-2025-5174 erdogant pypickle pypickle.py load deserialization
A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to th...
Deserialization of Untrusted Data
Overview inspiremusic is an InspireMusic: A Fundamental Music, Song and Audio Generation Framework and Toolkits Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the load function in the file cli/model.py. An attacker can manipulate internal data...
CVE-2024-28423
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2023-24180
Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmaploader.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted elf file...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2025-32388
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...
CVE-2025-32388 SvelteKit allows XSS via tracked search_params
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can explo...
CVE-2025-32388
CVE-2025-32388 affects SvelteKit prior to v2.20.6 where unsanitized iteration over event.url.searchParams in a server load function enables XSS. The issue is fixed in 2.20.6; upgrade to 2.20.6 or later.