NVIDIA Merlin Transformers4Rec Code Injection Vulnerability
NVIDIA Merlin Transformers4Rec is software from NVIDIA for building serialized and conversational recommender systems. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability, which originates from a Python dependency, that can be exploited by an attacker to perform malicious...
PT-2025-33045
Name of the Vulnerable Software and Affected Versions: NVIDIA Merlin Transformers4Rec for all platforms (affected versions not specified) Description: NVIDIA Merlin Transformers4Rec contains a flaw in a Python dependency that could allow an attacker to cause a code injection issue. Successful...
Totolink
It is an offensive tool for routers. Exploit module/toolkit targ...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
About This Project This project was developed as part of the...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. The primary CVE ID is not explicitly mentioned, but it is likely related to the Metasploit Framework itself. The target product/service or framework is Metasploit Framework, a penetration testing platform. The vulnerability class/vect...
CVE-2025-32800
Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. This flaw allows an attacker to claim this namespace, upload arbitrary malicious code to the package, a...
PT-2025-25588 · Python +1 · Pip +2
Name of the Vulnerable Software and Affected Versions: Conda-build versions prior to 25.3.0 Description: The issue concerns a dependency injection vulnerability. Conda-build lists conda-index as a Python dependency in its pyproject.toml file. Since conda-index is not published in PyPI, an attacke...
CVE-2022-39280
dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contains a regular expression that is vulnerable to a Regular Expression Denial of Service. All users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...
valgrind bug fix update
An update is available for valgrind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The valgrind packages provide the Valgrind programming tool that helps detec...
actinia-core (=6.0.0), aipackagewrapper (=0.1.0) +54 more potentially affected by CVE-2025-47273 via setuptools (>=78.0.1 <=78.1.0)
setuptools PYPI version =78.0.1, =4.1.0, =1.4.1, =0.1.0, =0.1.0, =0.0.20, =0.1.0, =8.6.2, =8.6.2, =3.0.0, =2.5.0, =2.7.19 - cx-freeze =8.1.0 and more Source cves: CVE-2025-47273 Source advisory: SNYK:PYTHON-SETUPTOOLS-9964606...
agent-path (>=0.1.0 <=0.1.2), agentc-llamaindex (=0.2.5a2) +837 more potentially affected by CVE-2024-12704 via llama-index-core (>=0.10.0 <=0.12.52.post1)
llama-index-core PYPI version =0.10.0, =0.1.0, =0.0.2, =0.1.0a0.dev0, =0.2.0a0, =0.0.6, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.1.0, =1.0.0, =1.1.6 - botrun-llama-kb =5.8.22 and more Source cves: CVE-2024-12704 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-9511125...
Security update for avahi
This update for avahi fixes the following issues: CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: No longer supply bogus services to callbacks bsc1226586. Tag hardening patches as PATCH-FEATURE-OPENSUSE Remove dependency on /usr/bin/python3 using %python3fixsheba...
aldryn-django (=5.1.4.0), allianceauth (=5.0.0a1) +188 more potentially affected by CVE-2024-56374 via django (>=5.1.0 <=5.1.4)
django PYPI version =5.1.0, =0.42.1, =1.0.0, =1.23.0, =0.46.0, =0.2.0a1, =24.1.0, =0.2.0, =0.1.0, =0.2.2 - cg-django-uaa =2.1.8 and more Source cves: CVE-2024-56374 Source advisory: OSV:PYSEC-2025-1...
Fedora 37 : protobuf (2022-25f35ed634)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-25f35ed634 advisory. Selected notes from packaging changes and improvements: 3.19.6 fixes CVE-2022-3171 3.19.5 fixes CVE-2022-1941 License updated to SPDX Unnecessary...
Exploit for CVE-2018-14714
CVE-2018-14714 RCE exploit ASUS wifi router RCE vulnerability...
SUSE-SU-2024:0508-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...
SUSE-SU-2024:0507-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...
UBUNTU-CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
pcs security update
0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...
Exploit for Improper Initialization in Linux Linux_Kernel
Dirty Pipe automatic root exploit CVE-2022-0847...