6757 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-55612

Malicious code in bioql PyPI...

AI score 6.3, EPSS 0.00103
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-29800

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.006
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-3491

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.5, EPSS 0.00666
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-20692

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00424
Exploits: 1, References: 4

GitHub Security Blog
added 2025/10/02 9:19 p.m., 9 views

Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API

Impact: LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...

CVSS 8.1, AI score 7.7, EPSS 0.00192
Exploits: 1, References: 4, Affected Software: 1

Snyk
added 2025/10/02 9:19 p.m., 6 views

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the operations API response, which includes secret values used for authenticating WebSocket connections. An attacker can execute arbitrary commands with the privileges of another user by...

CVSS 8.1, AI score 7.6, EPSS 0.00192
Exploits: 1, References: 2

RedhatCVE
added 2025/10/02 4:44 p.m., 3 views

CVE-2025-59952

MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

CVSS 8.7, AI score 6.2, EPSS 0.00458
Exploits: 0, References: 5

Microsoft CVE
added 2025/10/02 6:11 a.m., 3 views

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

...

CVSS 5.5, AI score 7, EPSS 0.00408
Exploits: 1

CVE
added 2025/10/01 11:45 a.m., 20 views

CVE-2021-4460

CVE-2021-4460 affects the Linux kernel drm/amdkfd path. The issue is a UBSAN shift-out-of-bounds warning when get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, causing a shift by the operand’s bit width (undefined behavior). The fix changes the code to set num_sdma_queues or num_xgmi_sdma_que...

CVSS 7.1, AI score 6.1, EPSS 0.0015
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2025/09/30 8:56 p.m., 8 views

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVSS 6.3, AI score 7.1, EPSS 0.00222
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/09/30 7:9 p.m., 10 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary: There are vulnerabilities in Open Source Software (OSS) components consumed by IBM Planning Analytics. Additionally, IBM Planning Analytics is vulnerable to Cross-site scripting. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics...

CVSS 9.4, AI score 5.2, EPSS 0.01735
Exploits: 4, Affected Software: 5

Cvelist
added 2025/09/29 11:32 p.m., 11 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

CVSS 8.7, EPSS 0.00458
Exploits: 0, References: 3

CVE
added 2025/09/29 11:32 p.m., 24 views

CVE-2025-59952

CVE-2025-59952 is a vulnerability in the MinIO Java SDK (minio-java). In versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were substituted with their actual values during processing, potentially exposing sensitive information (credentials...

CVSS 8.7, AI score 6.3, EPSS 0.00458
Exploits: 0, References: 3

OSV
added 2025/09/29 8:15 p.m., 2 views

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVSS 4.3, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 2

NVD
added 2025/09/29 8:15 p.m., 5 views

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

CVSS 6.3, EPSS 0.00222
Exploits: 0, References: 2

CVE
added 2025/09/29 8:1 p.m., 14 views

CVE-2025-35033

CVE-2025-35033 concerns Medical Informatics Engineering Enterprise Health. Affected: the platform's CSV export/download feature allowing a remote, authenticated attacker to inject macros into downloadable CSV files (CSV injection). Root cause details are not expanded in the provided documents bey...

CVSS 6.3, AI score 6.7, EPSS 0.00222
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/09/29 5:53 p.m., 2 views

GHSA-H7RH-XFPJ-HPCM MinIO Java Client XML Tag Value Substitution Vulnerability

Description: In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...

CVSS 8.7, AI score 6.6, EPSS 0.00458
Exploits: 0, References: 5

IBM Security Bulletins
added 2025/09/29 7:31 a.m., 6 views

Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).

Summary: IBM Event Processing is vulnerable to an HTTP Parameter Pollution (HPP) attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...

CVSS 9.4, AI score 6.6, EPSS 0.01735
Exploits: 1, Affected Software: 1

Veracode
added 2025/09/29 4:10 a.m., 5 views

Unauthorized Disclosure Of Sensitive Data

github.com/rancher/fleet is vulnerable to Unauthorized Disclosure of Sensitive Data. The vulnerability is due to improper access control on BundleDeployment resources with GET or LIST permissions, which allows an attacker to retrieve Helm values containing credentials or other secrets...

CVSS 7.7, AI score 7, EPSS 0.00215
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2025/09/29 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-46152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the other argument. CVE-2025-46152 Note that Nessus...

CVSS 5.3, AI score 5.5, EPSS 0.00423
Exploits: 0, References: 3