1452 matches found
EUVD-2023-23463
Malicious code in bioql PyPI...
EUVD-2025-26063
Malicious code in bioql PyPI...
EUVD-2024-48049
Malicious code in bioql PyPI...
EUVD-2023-0638
Malicious code in bioql PyPI...
EUVD-2025-4621
Malicious code in bioql PyPI...
EUVD-2025-27855
Malicious code in bioql PyPI...
EUVD-2023-48484
Malicious code in bioql PyPI...
EUVD-2023-24413
Malicious code in bioql PyPI...
EUVD-2023-57622
Malicious code in bioql PyPI...
EUVD-2024-32319
Malicious code in bioql PyPI...
EUVD-2022-1248
Malicious code in bioql PyPI...
CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
GHSA-VH25-5764-9WCR @conventional-changelog/git-client has Argument Injection vulnerability
Background on exploitation: This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library, getRawCommits, there are secure practices taken to ensure that the extra parameter path is unable to inje...
Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-014 (ALASREDIS6-2025-014)
The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-014 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a...
USN-7748-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled file extraction when opening maliciously crafted zip or tar archives. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...
USN-7748-1 vim vulnerabilities
It was discovered that Vim incorrectly handled file extraction when opening maliciously crafted zip or tar archives. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...
CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
PT-2025-35507
Name of the Vulnerable Software and Affected Versions: linenoise (affected versions not specified). Description: A time-of-check to time-of-use (TOCTOU) issue exists in the linenoiseHistorySave function within the linenoise library. This flaw allows local attackers to overwrite arbitrary files and...
PT-2025-34977
Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier; SS1 Media versions 16.0.0.a and earlier. Description: An improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists. A remote authenticated attacker may overwrite legitimate fil...
CVE-2025-20295
A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files. This vulnerabili...