AZL-77517 CVE-2025-30204 affecting package kube-vip-cloud-provider for versions less than 0.0.2-26

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

CVE-2022-40954 Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...

PT-2018-4634 · Bouncy Castle +1 · Bouncy Castle Jce Provider +1

Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.51 through 1.55 Description: A carry propagation bug was introduced in the implementation of squaring for several raw math classes, which are used by custom elliptic curve implementations. This bug could...