664 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-4750

Malicious code in bioql PyPI...

CVSS 7.5, AI score 8.2, EPSS 0.01065
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-5037

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.5, EPSS 0.01257
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-15999

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7.3, EPSS 0.00516
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-7998

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.5, EPSS 0.00466
Exploits: 0, References: 3

Snyk
added 2025/10/03 12:0 a.m., 2 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity due to an inefficient algorithmic complexity issue in the mjson parsing library when analyzing JSON content, such as with the jsonquery or jwtpayloadquery function. An attacker can cause resource...

CVSS 8.7, AI score 6.3, EPSS 0.00469
Exploits: 0, References: 2

Packet Storm News
added 2025/09/28 12:0 a.m., 3 views

SandCell: Sandboxing Rust beyond Unsafe Code

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...

AI score 7.6
Exploits: 0

Snyk
added 2025/09/16 3:32 p.m., 3 views

Incorrect Authorization

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Incorrect Authorization via the AnnotationsScanner and AnnotatedMethod class. An attacker can gain unauthorized...

CVSS 8.7, AI score 6.7, EPSS 0.0046
Exploits: 0, References: 2

GitHub Security Blog
added 2025/09/16 3:32 p.m., 8 views

Spring Security annotation detection mechanism has authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, AI score 6.9, EPSS 0.00433
Exploits: 0, References: 9, Affected Software: 1

NVD
added 2025/09/16 11:15 a.m., 3 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, EPSS 0.0046
Exploits: 0, References: 1

NVD
added 2025/09/16 11:15 a.m., 3 views

CVE-2025-41248

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, EPSS 0.00433
Exploits: 0, References: 1

Debian CVE
added 2025/09/16 10:15 a.m., 4 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, AI score 6.7, EPSS 0.0046
Exploits: 0

Spring Security Advisories
added 2025/09/16 12:0 a.m., 8 views

Connect Your AI to Everything: Spring AI's MCP Boot Starters

The Model Context Protocol MCP standardizes how AI applications interact with external tools and resources. Spring joined the MCP ecosystem early as a key contributor, helping to develop and maintain the official MCP Java SDK that serves as the foundation for Java-based MCP implementations...

AI score 7.8
Exploits: 0

CNNVD
added 2025/09/09 12:0 a.m., 1 view

TinyEnv Input Validation Error Vulnerability

TinyEnv is an environment variable loader for the Dat Duy Personal Developer. An input validation error vulnerability exists in TinyEnv versions 1.0.9 and 1.0.10, which stems from improper handling of inline annotations and can lead to configuration errors...

CVSS 6.5, AI score 6.5, EPSS 0.00194
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/06 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-57833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases,...

CVSS 8.1, AI score 7.4, EPSS 0.15602
Exploits: 4, References: 2

Spring Security Advisories
added 2025/08/26 12:0 a.m., 6 views

This Week in Spring - August 26th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the floor of SpringOne, live from lovely Las Vegas! As you can imagine, I've got to get back into it, so we'll make this one a quick one. And if you're here, be sure to say "hi"! In last week's A Bootifu...

AI score 7.1
Exploits: 0

OSV
added 2025/08/25 2:15 p.m., 4 views

CVE-2025-53853

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVSS 9.8, AI score 8.1
Exploits: 0, References: 2

NVD
added 2025/08/25 2:15 p.m., 4 views

CVE-2025-53853

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVSS 9.8, EPSS 0.00689
Exploits: 1, References: 2

Vulnrichment
added 2025/08/25 1:53 p.m., 2 views

CVE-2025-53853

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVSS 9.8, AI score 8.2, EPSS 0.00689
Exploits: 1, References: 1

CVE
added 2025/08/25 1:53 p.m., 26 views

CVE-2025-53853

CVE-2025-53853 describes a heap-based buffer overflow in the ISHNE parsing function of The Biosig Project’s libbiosig 3.9.0 and Master Branch (commit 35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. The vulnerability affects the library’s ISHNE parsi...

CVSS 9.8, AI score 8, EPSS 0.00689
Exploits: 1, References: 2, Affected Software: 1

Debian CVE
added 2025/08/25 1:53 p.m., 3 views

CVE-2025-53853

A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this...

CVSS 9.8, AI score 6.3, EPSS 0.00689
Exploits: 1