CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
PT-2026-1783
Name of the Vulnerable Software and Affected Versions: AcademySoftwareFoundation OpenColorIO versions through 2.5.0 Description: An issue exists in AcademySoftwareFoundation OpenColorIO up to version 2.5.0 related to an out-of-bounds read condition. This occurs within the ConvertToRegularExpression...
CVE-2025-64124
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Nuvation Energy Multi-Stack Controller MSC allows OS Command Injection. This issue affects Multi-Stack Controller MSC: before 2.5.1...
CVE-2025-64124
CVE-2025-64124 is an OS command injection in Nuvation Energy Multi-Stack Controller (MSC). Multiple connected sources (NVD, Red Hat advisories, CIRCL) confirm the issue affects MSC versions prior to 2.5.1 due to improper neutralization of special elements used in OS commands. The vulnerability ex...
CVE-2025-64124 Nuvation Energy Multi-Stack Controller OS Command Injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Nuvation Energy Multi-Stack Controller MSC allows OS Command Injection. This issue affects Multi-Stack Controller MSC: before 2.5.1...
Meshtastic device firmware data forgery vulnerability
Meshtastic device firmware is open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A data forgery vulnerability exists in Meshtastic versions prior to 2.5.1, which stems from the remote hardware module not checking if a received remo...
Meshtastic device firmware security vulnerability
Meshtastic device firmware is open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in Meshtastic device firmware versions prior to 2.5.1 that stems from the presence of a node that bypasses...
PrestaShop Kerawen Security Vulnerability
PrestaShop KerAwen is an e-commerce cash register solution from PrestaShop USA. A security vulnerability exists in PrestaShop Kerawen versions prior to v2.5.1 that stems from the parameter ocsidcart containing an SQL injection vulnerability...
GHSA-C732-XVV8-G94C Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...
PT-2021-21751 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier. Description: The implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division...
PT-2021-21079 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.1 Description: The issue allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. It's noted that the vendor's position is that...
PYSEC-2021-79
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
PT-2021-14348 · Pypi · Cairosvg
Name of the Vulnerable Software and Affected Versions: CairoSVG versions prior to 2.5.1 Description: The issue is related to a regular expression denial of service (ReDoS) vulnerability in CairoSVG, a Python package used for converting SVG files. When processing SVG files, CairoSVG uses two regular...
PT-2019-13436 · Impress · Give
Name of the Vulnerable Software and Affected Versions: Impress GiveWP Give plugin versions prior to 2.5.1 Description: A SQL injection issue exists, allowing a remote attacker to execute arbitrary SQL commands on the affected system via the includes/payments/class-payments-query.php file...