Lucene search

15 matches found

NVD
added 2025/12/09 4:18 p.m., views: 1

CVE-2025-67487

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 8.6, EPSS 0.00059
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., views: 0

EUVD-2025-10665

Malicious code in bioql PyPI...

CVSS 6.8, AI score 5.6, EPSS 0.00214
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., views: 3

EUVD-2025-28282

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00199
Exploits: 0, References: 2

OSV
added 2025/07/08 2:15 p.m., views: 2

AZL-65048 CVE-2025-7345 affecting package gdk-pixbuf2 for versions less than 2.40.0-8

A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib's g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

CVSS 7.5, AI score 7.2, EPSS 0.00938
Exploits: 0, References: 1

OSV
added 2025/06/25 3:5 p.m., views: 3

CVE-2025-49135 CVAT missing validation for in-progress backup upload names

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...

CVSS 5.3, AI score 6.7, EPSS 0.00199
Exploits: 0, References: 4

Cvelist
added 2025/06/25 3:5 p.m., views: 5

CVE-2025-49135 CVAT missing validation for in-progress backup upload names

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refers to a TUS-uploaded file belonging to the...

CVSS 5.3, EPSS 0.00199
Exploits: 0, References: 2

NVD
added 2025/04/01 8:15 a.m., views: 11

CVE-2025-27427

A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When...

CVSS 4.3, EPSS 0.00358
Exploits: 0, References: 2

CBLMariner
added 2024/09/23 10:28 p.m., views: 11

CVE-2022-48622 affecting package gdk-pixbuf2 for versions less than 2.40.0-6

CVE-2022-48622 affecting package gdk-pixbuf2 for versions less than 2.40.0-6. A patched version of the package is available...

CVSS 7.8, AI score 6.9, EPSS 0.00071
Exploits: 1

OSV
added 2023/04/27 6:15 p.m., views: 1

CVE-2023-2335

Plaintext Password in Registry vulnerability in 42Gears SureLock Windows surelockwinsetupv2.40.0.Exe on Windows Registry modules allows retrieval of Admin user credentials. This issue affects SureLock Windows: from 2.3.12 through 2.40.0...

CVSS 7.5, AI score 7.1, EPSS 0.00111
Exploits: 0, References: 1

OSV
added 2023/04/27 12:15 p.m., views: 1

CVE-2023-2331

Unquoted Service Path or Element vulnerability in 42Gears SureLock Windows SureLock Service NixService.Exe on Windows allows arbitrary code to be inserted into the service. This issue affects SureLock Windows: from 2.3.12 through 2.40.0...

CVSS 7.8, AI score 6
Exploits: 0, References: 2

CNNVD
added 2023/04/27 12:0 a.m., views: 1

42Gears Surelock code issue vulnerability

42Gears Surelock is an industry-leading tool from 42Gears USA that locks devices into kiosk mode. A security vulnerability exists in 42Gears Surelock version 2.40.0 that stems from the presence of elevation of privilege and local code execution issues...

CVSS 7.8, AI score 7.9, EPSS 0.00057
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 3:23 a.m., views: 3

SUSE CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

CVSS 9.8, AI score 9.4, EPSS 0.01381
Exploits: 1, References: 3

Github Security Blog
added 2022/10/25 7:56 p.m., views: 34

Improper Control of Generation of Code ('Code Injection') in Azure CLI

Description: In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. For example: Application X is a web application wi...

CVSS 9.8, AI score 10, EPSS 0.01381
Exploits: 1, References: 6, Affected Software: 1

PyPA
added 2022/10/25 5:15 p.m., views: 4

PYSEC-2022-43177

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

CVSS 9.8, AI score 7.3, EPSS 0.01381
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2022/10/25 5:15 p.m., views: 0

UBUNTU-CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

CVSS 9.8, AI score 7.3, EPSS 0.01381
Exploits: 1, References: 5