181 matches found
EUVD-2015-8488
Malware in sbrugna...
EUVD-2022-51060
Malicious code in bioql PyPI...
EUVD-2023-37274
Malicious code in bioql PyPI...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when compiling model with torch.rot90 and torch.randnlike functions while backend="aoteagerdecomppartition". An attacker can cause unexpected behavior or potentially manipulate outputs by...
Open Redirection
@astrojs/node is vulnerable to Open Redirection. The vulnerability is due to incorrect handling of double slashes with the Node deployment adapter in standalone mode and trailingSlash set to "always," allowing attackers to redirect users to malicious domains...
CVE-2025-54877
Tuleap CVE-2025-54877 affects Community Edition <16.10.99.1754050155 and Enterprise Edition <16.9-8 and
PT-2025-35223
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.10.99.1754050155 Tuleap Enterprise Edition versions prior to 16.9-8 Tuleap Enterprise Edition versions prior to 16.10-5 Description: Tuleap is an Open Source Suite created to facilitate management...
@astrojs/node's trailing slash handling causes open redirect issue
Summary Following https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw, there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios. Details Astro 5.12.8 fixed a case where https://example.com//astro.build/press would redirect to the external origi...
GHSA-9X9C-GHC5-JHW9 @astrojs/node's trailing slash handling causes open redirect issue
Summary Following https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw, there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios. Details Astro 5.12.8 fixed a case where https://example.com//astro.build/press would redirect to the external origi...
CVE-2025-55207 @astrojs/node's trailing slash handling causes open redirect issue
Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...
CVE-2025-55207 @astrojs/node's trailing slash handling causes open redirect issue
Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...
CVE-2025-55207
Astro CVE-2025-55207 describes an Open Redirect vulnerability in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone mode with trailingSlash set to "always", URLs like https://example.com//astro.build/press can redirect to //astro.build/press, en...
PT-2025-33494 · Astro · Astro
Name of the Vulnerable Software and Affected Versions: Astro versions prior to 9.4.1 Description: Astro is a web framework for content-driven websites. An open redirect vulnerability exists in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone...
Litestar has potential log injection in exception logging
Summary Litestar does not escape url paths when logging exceptions. This makes logger vulnerable to CRLF injection if logging level is configured to debug or logexceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details Litestar directly formats unquot...
Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
...
Apache httpd -- evaluation always true
The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...
Pulse-Level Simulation of Crosstalk Attacks on Superconducting Quantum Hardware
Hardware crosstalk in multi-tenant superconducting quantum computers poses a severe security threat, allowing adversaries to induce targeted errors across tenant boundaries by injecting carefully engineered pulses. We present a simulation-based study of active crosstalk attacks at the pulse level...
Malicious code in always-target (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5360 Malicious code in always-target (npm)
The package communicates with a domain associated with malicious activity...
CVE-2022-48361
The Always On Display AOD has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...