
8 matches found

Positive Technologies
added 2026/04/22 12:0 a.m. · 7 views

PT-2026-34613

Name of the Vulnerable Software and Affected Versions: Nuclei versions 3.0.0 through 3.7.9
Description: A flaw in the JavaScript protocol runtime's module loading system allows JavaScript templates to read local .js and .json files from the host filesystem. This occurs because the require function...

5.5 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits: 0 · References: 11
Snyk
added 2026/01/01 6:36 a.m. · 3 views

SQL Injection

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to SQL Injection due to unsafe construction of SQL statements in the...

6.3 CVSS · 8.2 AI score
Exploits: 0 · References: 3
OSV
added 2025/06/13 2:19 p.m. · 2 views

OESA-2025-1623 libarchive security update

libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security...

7.8 CVSS · 7.5 AI score · 0.00117 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2024/06/19 12:0 a.m. · 3 views

PT-2024-9646 · Dell · Dell Ecs

Name of the Vulnerable Software and Affected Versions: Dell ECS versions prior to 3.8.0
Description: The issue is related to a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that lead to sensitive...

4.3 CVSS · 7.2 AI score · 0.00214 EPSS
Exploits: 0 · References: 5
SUSE CVE
added 2023/11/16 1:54 a.m. · 1 views

SUSE CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...

5.4 CVSS · 6.8 AI score · 0.00397 EPSS
Exploits: 1 · References: 5
PyPA
added 2023/11/14 9:15 p.m. · 4 views

PYSEC-2023-247

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...

6.5 CVSS · 6.7 AI score · 0.00397 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/11/14 12:0 a.m. · 3 views

PT-2023-8840 · Aiohttp +3 · Aiohttp +3

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.8.0
Description: The issue is related to the inconsistent interpretation of the HTTP protocol, specifically when both Content-Length and Transfer-Encoding headers are present. This can lead to incorrect...

7.5 CVSS · 6.7 AI score · 0.93602 EPSS
Exploits: 21 · References: 78
Positive Technologies
added 2011/03/30 12:0 a.m. · 1 views

PT-2011-1093 · Logrotate +2 · Logrotate +2

Name of the Vulnerable Software and Affected Versions: logrotate versions 3.7.9 and earlier; logrotate versions prior to 3.8.0
Description: The issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename. This can be demonstrated by a filename...

6.9 CVSS · 7.6 AI score · 0.0011 EPSS
Exploits: 1 · References: 69