5610 matches found
UBUNTU-CVE-2025-5168
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...
UBUNTU-CVE-2025-5167
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The...
PT-2025-22928 · Thinkgem · Thinkgem Jeesite
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.11.1. Description: A critical issue affects the function ResourceLoader.getResource of the file /cms/fileTemplate/form in the component URI Scheme Handler. The manipulation of the argument Name leads to...
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident...
CVE-2024-31584
PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-6064
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to...
CVE-2024-6441
A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely...
CVE-2024-23730
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML...
CVE-2024-23732
The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py...
CVE-2024-0243
With the following crawler configuration:
    from bs4 import BeautifulSoup as Soup
    url = "https://example.com"
    loader = RecursiveUrlLoader(url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text)
    docs = loader.load()
An attacker in control of the contents of https://example.com could...
CVE-2023-41708
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...
CVE-2023-33069
Memory corruption in Audio while processing the calibration data returned from ACDB loader...
CVE-2023-46084
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2...
CVE-2023-29498
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed...
CVE-2023-29167
Out-of-bounds read vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed...
CVE-2023-24180
Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file...
CVE-2023-5860
The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...
MAL-2025-4378 Malicious code in my-check-inline-loader-plugin (npm)
Source: ghsa-malware (158a5f06d42d4341fa6161944260a13e1cd79d01a746eddd52ce26b77770024e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...