10310 matches found
CVE-2025-71340
CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via reduce , allowing code execution when loaded with pickle.load(). This enables supply‑chain attacks on PyTorch models and saved Python objects. T...
CVE-2021-47987
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...
CVE-2021-47987
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork with write access. No releases were published with these tags; a project exposing a vulnerability would require a git-...
CVE-2021-47986 Parse Server - Unreviewed Code Execution via Malicious Version Tags
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...
CVE-2021-47986
Parse Server exposes a supply-chain vulnerability affecting all versions before 4.10.0 where incorrect version tags were pushed to the repository, linking to unreviewed code in a personal fork. Attackers could specify affected version tags in dependency declarations to execute unreviewed and pote...
DEBIAN-CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
UBUNTU-CVE-2026-11310
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
CVE-2026-11310
The CVE-2026-11310 entry concerns wolfSSL’s X509_verify_cert() when built with --enable-opensslextra (OPENSSL_EXTRA) and used by applications that pass untrusted intermediates to X509_verify_cert(). The root cause is that wolfSSL temporarily loads untrusted intermediates into the certificate mana...
CVE-2026-11310 X.509 trust-chain bypass in wolfSSL_X509_verify_cert() via untrusted intermediate anchoring
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...
CVE-2026-55960
The CVE-2026-55960 entry describes a vulnerability in wolfSSL builds that support Raw Public Key (RPK). Un-negotiated Raw Public Key (RFC 7250) could be accepted in place of an X.509 certificate by ParseCertRelative(), bypassing trust checks, because a raw public key has no chain. The fix/workaro...
EUVD-2026-39544
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-55964
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...
CVE-2026-44017
A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...
CVE-2026-6091
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...
UBUNTU-CVE-2026-11999
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
UBUNTU-CVE-2026-6091
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...
Malicious code in ts-opus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73b0105b34723dd6e1449c3353d1d4df0dcf94ae460a4dfd156566bb4ba372c7 ts-opus 0.0.8 ships an unmodified copy of MikeMcl/big.js README, copyright, and repository URL all reference big.js but injects an additional top-lev...
MAL-2026-6468 Malicious code in ts-opus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73b0105b34723dd6e1449c3353d1d4df0dcf94ae460a4dfd156566bb4ba372c7 ts-opus 0.0.8 ships an unmodified copy of MikeMcl/big.js README, copyright, and repository URL all reference big.js but injects an additional top-lev...
CVE-2026-55413
ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...