5610 matches found
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
Malicious code in workspace-loader (npm)
Source: ossf-package-analysis 6337f633e71ac4bbdd2541a6ff172f67246451a691838940e3578c7c7ba4ee18 The OpenSSF Package Analysis project identified 'workspace-loader' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2025-5845 Malicious code in workspace-loader (npm)
Source: ossf-package-analysis 6337f633e71ac4bbdd2541a6ff172f67246451a691838940e3578c7c7ba4ee18 The OpenSSF Package Analysis project identified 'workspace-loader' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
SUSE CVE-2025-53630
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...
The vulnerability of the PropertyUtilsBean class in the Apache Commons Beanutils utility allows a hacker to execute arbitrary code.
The vulnerability of the PropertyUtilsBean utility in the Apache Commons Beanutils library is related to deficiencies in access control to the class loader. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
kernel: ELF: fix kernel.randomize_va_space double read
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...
Google Chrome Security Bypass Vulnerability (CNVD-2025-15175)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient policy enforcement in the Loader component, which can be exploited by an attacker to bypass content security policies...
CLSA-2025-1751285777 grub2: Fix of 5 CVEs
CVE-2024-45781: fs/ufs: OOB write in the heap - CVE-2024-45782: fs/hfs: strcpy using the volume name - CVE-2024-56737: fs/hfs: Fix stack OOB write with grub_strcpy - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-1125: fs/hfs:...
ZigStrike 2.0
ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...
DEBIAN-CVE-2025-6817
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public an...
UBUNTU-CVE-2024-36347
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
SUSE CVE-2025-6556
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
Malicious code in vite-loader-svg (npm)
Source: ghsa-malware b5880f6d590622e99ff921eeb4b6de62bf0d1c7401a5c5b1cb7137b2b091769e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5262 Malicious code in vite-loader-svg (npm)
Source: ghsa-malware b5880f6d590622e99ff921eeb4b6de62bf0d1c7401a5c5b1cb7137b2b091769e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...