101 matches found
EUVD-2023-35153
Malicious code in bioql PyPI...
CVE-2025-59937
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...
CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...
go-mail has insufficient address encoding when passing mail addresses to the SMTP client
Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of the mail.Address value. An attacker can manipulate email routing or inject unauthorized SMTP parameters by supplying specially crafted email addresses. Note: This is only exploitable...
GHSA-WPWJ-69CM-Q9C5 go-mail has insufficient address encoding when passing mail addresses to the SMTP client
Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...
Fedora 44 : bpftop (2025-1c5f1ce7a5)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1c5f1ce7a5 advisory. Automatic update for bpftop-0.7.1-1.fc44. Changelog Tue Sep 2 2025 Jose Fernandez - 0.7.1-1 - Update to version 0.7.1 - Update to upstream version...
Linux Distros Unpatched Vulnerability : CVE-2018-21017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC 0.7.1 has a memory leak in dinfRead in isomedia/boxcodebase.c. CVE-2018-21017 Note that Nessus relies on the presence of the package as reported by the...
CVE-2025-55286
The CVE-2025-55286 issue affects z2d v0.7.0/v0.7.0-era MSAA buffering. Under scenarios where a drawn path lies wholly or partly outside the rendering surface, incorrect bounding can cause out-of-bounds access in the coverage buffer, impacting high-level operations (Context.fill/stroke, painter.fi...
PT-2025-33515 · Z2D · Z2D
Name of the Vulnerable Software and Affected Versions: z2d versions 0.7.0 Description: z2d is a pure Zig 2D graphics library. A new multi-sample anti-aliasing (MSAA) method introduced in version 0.7.0 uses a new buffering mechanism for storing coverage data. Incorrect bounding under certain...
lmdeploy security vulnerability
lmdeploy is an InternLM open source toolkit for compressing, deploying and serving LLM. A security vulnerability exists in lmdeploy version 0.7.1 and earlier, which stems from a deserialization issue in the PT file handling component...
CVE-2020-15093
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
SUSE CVE-2025-24882
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1...
CVE-2025-24882
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1...
CVE-2025-24882 regclient may ignore pinned manifest digests
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1...
regclient data forgery vulnerability
regclient is a tool from the open-source regclient project. A data forgery vulnerability exists in versions of regclient prior to 0.7.1, which stems from the fact that a malicious registry may return a different digest for a pinned manifest without being detected...
CVE-2025-23690
Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place (book-a-place) allows Stored XSS. This issue affects Book a Place: from n/a through <= 0.7.1...
WordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin Book a Place versions <= 0.7.1...