
141 matches found

OSV
added 2025/04/15 6:15 a.m. · 0 views

CVE-2025-3622

A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization...

CVSS 5.1 · AI score 5.4
Exploits 0 · References 5
CNNVD
added 2025/04/15 12:00 a.m. · 2 views

Xorbits Inference security vulnerability

Xorbits Inference is an open source Xorbits tool that can be used with a variety of LLMs. A security vulnerability exists in Xorbits Inference 1.4.1 and earlier versions, which stems from improper handling of the load function in the xinference/thirdparty/cosyvoice/cli/model.py file, which could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00221
Exploits 0 · References 5
Github Security Blog
added 2025/04/14 7:10 p.m. · 13 views

@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params

Summary Unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. Details SvelteKit tracks...

CVSS 5.4 · AI score 5.7 · EPSS 0.00274
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2025/04/14 12:00 a.m. · 5 views

PT-2025-16545

Name of the Vulnerable Software and Affected Versions SvelteKit versions prior to 2.20.6 Description The issue arises from unsanitized search param names, leading to an XSS vulnerability. This occurs when iterating over all entries of event.url.searchParams inside a server load function. Attacker...

CVSS 5.4 · AI score 7.8 · EPSS 0.00274
Exploits 1 · References 11
VulnCheck KEV
added 2025/03/11 12:00 a.m. · 1 views

VulnCheck KEV: CVE-2024-9593

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute...

CVSS 8.3 · AI score 5.9 · EPSS 0.85505
Exploits 1 · References 1
CNNVD
added 2024/09/19 12:00 a.m. · 1 views

FreeImage security vulnerability

FreeImage is an open source cross-platform library for supporting popular graphic image formats. A security vulnerability exists in FreeImage that stems from a stack buffer overflow in the Load function of PluginXPM.cpp when libfreeimage processes XPM files. No detailed...

CVSS 9.8 · AI score 7.3 · EPSS 0.00238
Exploits 0 · References 3
Debian CVE
added 2024/09/19 12:00 a.m. · 13 views

CVE-2024-31570

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file...

CVSS 9.8 · AI score 5.7 · EPSS 0.00238
Exploits 0
Pen Test Partners Blog
added 2024/09/12 5:16 a.m. · 11 views

Living off the land, GPO style

TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

AI score 7.4
Exploits 0
Tenable Nessus
added 2024/05/11 12:00 a.m. · 30 views

RHEL 6 : pyyaml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PyYAML: command execution through python/object/apply constructor in FullLoader CVE-2019-20477 - In PyYAM...

AI score 10 · EPSS 0.04807
Exploits 2 · References 2
Redos
added 2024/04/02 12:00 a.m. · 23 views

ROS-20240402-16

A vulnerability in the load_pem_pkcs7_certificates and load_der_pkcs7_certificates functions of the cryptography package is related to a NULL pointer dereference and segmentation fault. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 · AI score 6.6 · EPSS 0.01255
Exploits 1
NVD
added 2024/03/20 6:15 a.m. · 13 views

CVE-2024-28578

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Load function when reading images in RAS format...

CVSS 8.4 · AI score 7.2 · EPSS 0.00054
Exploits 1 · References 1
OSV
added 2024/03/20 6:15 a.m. · 0 views

UBUNTU-CVE-2024-28578

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Load function when reading images in RAS format...

CVSS 8.4 · AI score 6.2 · EPSS 0.00054
Exploits 1 · References 3
Debian CVE
added 2024/03/20 12:00 a.m. · 12 views

CVE-2024-28578

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the Load function when reading images in RAS format...

CVSS 8.4 · AI score 8.4 · EPSS 0.00054
Exploits 1
Positive Technologies
added 2024/03/19 12:00 a.m. · 1 views

PT-2024-22481 · Freeimage +1

Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: A Buffer Overflow issue in the FreeImage library allows a local attacker to execute arbitrary code via the Load function when reading images in RAS format. Recommendations: For FreeImage version...

CVSS 8.4 · AI score 7.5 · EPSS 0.00054
Exploits 1 · References 14
CVE
added 2024/03/14 12:00 a.m. · 55 views

CVE-2024-28424

ZenML v0.55.4 is affected by an arbitrary file upload vulnerability in the load function of /materializers/cloudpickle_materializer.py, enabling remote code execution via a crafted file. This vulnerability is described consistently across multiple feeds (NVD, Red Hat, OSV, Nessus/NASL, CVE lists)...

CVSS 8.8 · AI score 8.1 · EPSS 0.00106
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2023/10/25 5:48 p.m. · 1 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free via the stbi__load_gif_main function. An attacker can cause a denial of service by sending a crafted file. Remediation There is no fixed version for stb. References - GitHub Gist - PoC Credit: peccc...

CVSS 7.5 · AI score 6.8 · EPSS 0.00204
Exploits 1 · References 2
Prion
added 2023/08/22 7:16 p.m. · 17 views

Buffer overflow

Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 r1859 allows remote attackers to run arbitrary code via opening of crafted ico file...

CVSS 6.8 · AI score 8.7 · EPSS 0.01509
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/08/22 12:00 a.m. · 2 views

FreeImage security vulnerability

FreeImage is a cross-platform open source library for supporting popular graphic image formats. A buffer overflow vulnerability exists in the FreeImage load function that can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service attack...

CVSS 8.8 · AI score 8 · EPSS 0.01509
Exploits 1 · References 4
SUSE CVE
added 2023/07/07 2:18 a.m. · 1 views

SUSE CVE-2023-36665

protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

CVSS 9.8 · AI score 9.3 · EPSS 0.01688
Exploits 1 · References 3
OSV
added 2023/07/05 3:30 p.m. · 1 views

GHSA-H755-8QP9-CQ85 protobufjs Prototype Pollution vulnerability

protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...

CVSS 9.8 · AI score 7.1 · EPSS 0.01688
Exploits 1 · References 10