Out-of-bounds Write

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Out-of-bounds Write. through the internalexrundopiz process. An attacker can cause out-of-bounds memory access, leading to potential memory corruption or process crash, by...

CVE-2025-58713

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

CVE-2025-58713

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

CVE-2025-58713

Red Hat Process Automation Manager images are affected by CVE-2025-58713 due to /etc/passwd being created with group-writable permissions during build. An attacker who can execute commands in the affected container (even as non-root) could leverage their root-group membership to modify /etc/passw...

CVE-2025-58713 Rhpam: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

Incorrect Default Permissions

Amendment This was deemed not a vulnerability. Overview ansible is a simple IT automation system. Affected versions of this package are vulnerable to Incorrect Default Permissions via excessive group-writable permissions on the /etc/passwd file during the build process. An attacker can gain full...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that mirrors the TeamPCP LiteLLM technique. What the postinstall payload does: - Harvests environment variables matching 40+ patterns AWS, GCP, Azure, GitHub, OpenAI, Stripe, etc. - Reads SSH keys, .npmrc,...

EUVD-2026-20063

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

CVE-2026-5083 Ado::Sessions versions through 0.935 for Perl generates insecure session ids

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

CVE-2024-36057

Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by...

PT-2026-31313

Name of the Vulnerable Software and Affected Versions Red Hat Process Automation Manager affected versions not specified Description A container privilege escalation flaw exists due to group-writable permissions on the /etc/passwd file during image build time. An attacker executing commands withi...

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios itself, based on Promise a solution for asynchronous programming. Versions of Axios prior to 1.13.2 contain security vulnerabilities; these vulnerabilities stem from state corruption and could potentially lead to process crashes...

CVE-2025-50657

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint...

Red Hat Process Automation Manager 安全漏洞

Red Hat Process Automation Manager is a process automation manager developed by the American company Red Hat. This product supports functions such as business process management, business rule management, business resource optimization, and complex event handling. There is a security vulnerabilit...

openstatus 代码注入漏洞

OpenStatus is an open-source status page and availability monitoring platform developed by OpenStatus. OpenStatus has a code injection vulnerability, which stems from the operation of the callbackURL parameter in the Onboarding endpoint component...

Oracle Linux 8 : freerdp (ELSA-2026-6918)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6918 advisory. 2:2.11.7-6 - Fix use of nscprocessmessage Resolves: RHEL-155984 2:2.11.7-5 - Backport several CVE fixes Resolves: RHEL-147954, RHEL-147955, RHEL-147970...

PT-2026-31088

Name of the Vulnerable Software and Affected Versions Ado::Sessions versions through 0.935 Description The Ado::Sessions Perl module generates insecure session IDs. The session ID is created using a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...

Information Exposure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure via the connect process. An attacker can obtain sensitive host filesystem paths and deployment metadata by making authenticated requests as a non-admin client...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via improper validation in the certificate renewal process. An attacker can gain unauthorized access to other managed clusters by forging a client certificate that is accepted by the controller. Remediati...

ChurchCRM 代码注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a code injection vulnerability. This vulnerability stemmed from the $dbPassword variable not being cleaned during the installation process, which could lead to remote code execution and...