6 matches found

CNNVD
added 2026/05/07 12:0 a.m., 4 views

fast-xml-parser security vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and processing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser prior to 5.7.0 contained security vulnerabilities. These...

CVSS 6.1, AI score 6.2, EPSS 0.00238
Exploits: 1, References: 1

SUSE CVE
added 2025/08/14 11:22 p.m., 1 view

SUSE CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is logged directly to the terminal, it may include unescaped ANSI sequences. This issue has been patched in...

CVSS 4.3, AI score 6.8, EPSS 0.00527
Exploits: 0, References: 5

Positive Technologies
added 2025/08/13 12:0 a.m., 1 view

PT-2025-33099

Name of the Vulnerable Software and Affected Versions:
Active Record versions prior to 7.1.5.2
Active Record versions prior to 7.2.2.2
Active Record versions prior to 8.0.2.1

Description: Active Record connects classes to relational database tables. The ID passed to find or similar methods may be...

CVSS 9.2, AI score 8.9, EPSS 0.02078
Exploits: 0, References: 28

Veracode
added 2021/07/19 12:16 a.m., 23 views

Remote Code Execution

fail2ban is vulnerable to remote code execution. The mail command from the mailutils package, used in mail actions like mail-whois, allows an attacker to execute arbitrary commands due to unescaped sequences \n in foreign input...

CVSS 8.1, AI score 5.3, EPSS 0.03621
Exploits: 1, References: 9, Affected Software: 1

FreeBSD
added 2021/07/16 12:0 a.m., 34 views

fail2ban -- possible RCE vulnerability in mailing action using mailutils

Jakub Żoczek reports: Command mail from mailutils package used in mail actions like mail-whois can execute command if unescaped sequences \n are available in "foreign" input for instance in whois output...

CVSS 8.1, AI score 2, EPSS 0.03621
Exploits: 1, References: 1

Debian CVE
added 2021/07/16 12:0 a.m., 43 views

CVE-2021-32749

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...

CVSS 8.1, AI score 8.5, EPSS 0.03621
Exploits: 1