91 matches found
CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...
CVE-2023-20540
CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...
RLSA-2026:24331 Important: cockpit-image-builder security update
The image-builder-frontend generates custom images suitable for deploying systems or uploading to the cloud. It integrates into Cockpit as a frontend for osbuild. Security Fixes: lodash: prototype pollution in .unset and .omit functions CVE-2025-13465 lodash: lodash: Arbitrary code execution via...
PT-2026-48680
Name of the Vulnerable Software and Affected Versions free5GC UDR affected versions not specified Description Improper input validation exists in the EE subscription handlers of the free5GC UDR. The system uses a regular expression to validate the ueId variable that includes a catch-all...
CVE-2026-25680
A flaw was found in golang.org/x/net/html. A remote attacker could provide specially crafted HTML, which, when parsed by the affected component, would consume excessive CPU resources. This could lead to a Denial of Service DoS condition, making the system unavailable to legitimate users. Mitigati...
CVE-2026-25680
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
CVE-2026-42228
n8n (open source workflow automation) has a vulnerability in the /chat WebSocket endpoint used by the Chat Trigger node’s Hosted Chat feature. The issue: an unauthenticated attacker could attach to a workflow execution in a waiting state without verifying authorization, receive the pending prompt...
Eval Injection
Agno is vulnerable to Eval Injection. The vulnerability is due to unsafe use of eval on the fieldtype parameter without proper validation, which allows an attacker to execute arbitrary Python code by manipulating input...
CVE-2026-35053
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...
EUVD-2018-17180
Malware in sbrugna...
EUVD-2014-9442
Malware in sbrugna...
EUVD-2018-20477
Malware in sbrugna...
EUVD-2022-6038
Malicious code in bioql PyPI...
EUVD-2022-6077
Malicious code in bioql PyPI...
EUVD-2022-38612
Malicious code in bioql PyPI...
EUVD-2022-6626
Malicious code in bioql PyPI...
EUVD-2022-6096
Malicious code in bioql PyPI...
EUVD-2022-7229
Malicious code in bioql PyPI...
CVE-2025-59937
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...
CVE-2024-36346
Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...