26 matches found
External Control of File Name or Path
Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...
Incomplete List of Disallowed Inputs
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the NodeVM builtin allowlist in lib/builtin.js. An attacker can read host-process state by supplying a sandb...
Improper Verification of Cryptographic Signature
Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...
Improper Validation of Syntactic Correctness of Input
Overview @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord function that leads to the unlimited message processing since rate limits are applied onl...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over assistants across different workspac...
Authentication Bypass Using an Alternate Path or Channel
Overview next is a react framework. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the handling of segment-prefetch routes. An attacker can gain unauthorized access to protected content by crafting .rsc and segment-prefetch URLs tha...
Exposure of Resource to Wrong Sphere
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of Redis cache keys for toolservers and terminalservers when multiple instances share a Redis backend. An attacker can overwrite or inject malicious tool...
Allocation of Resources Without Limits or Throttling
Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via static resource resolution. An attacker can cause denia...
Improper Validation of Unsafe Equivalence in Input
Overview @node-oauth/oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the token process. An attacker can obtain...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the POST /sessions/:sessionKey/kill process. An attacker can terminate active subagent sessions by sending requests with only read-scoped identity-bearing...
PT-2026-25987
Summary A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS queries over TCP. Harden-Runner enforces egress policies on GitHub runners by filtering outbound connections at the network layer. When egress-policy:...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Incomplete List of Disallowed Inputs
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Deserialization of Untrusted Data
Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the model loading process with weightsonly=False. An attacker can execute arbitrary code, escalate privileges, disclose sensitive information...
Command Injection
Overview @signalk/set-system-time is a Signal K server plugin to set system date & time on Signal K data, usually from a GPS Affected versions of this package are vulnerable to Command Injection via the stream.onValue function. An attacker can execute arbitrary shell commands on the server by...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denia...
Arbitrary Argument Injection
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Argument Injection vi...
EUVD-2025-27571
Malicious code in bioql PyPI...
Google Sign-In for Rails allowed redirects to malformed URLs
Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...