CVE-2025-8405 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...
EUVD-2019-7659
Malware in sbrugna...
EUVD-2020-16637
Malware in sbrugna...
EUVD-2020-5533
Malware in sbrugna...
EUVD-2019-7397
Malware in sbrugna...
EUVD-2021-3061
Malicious code in bioql PyPI...
EUVD-2023-2675
Malicious code in bioql PyPI...
EUVD-2024-37284
Malicious code in bioql PyPI...
EUVD-2023-36562
Malicious code in bioql PyPI...
CVE-2023-32312
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...
CVE-2021-0442
In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-23900
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to "Data from Faulting Address controls Code Flow" starting at Editor!TMethodImplementationIntercept+0x57a3b...
CVE-2019-17243
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEGLS+0x0000000000003155...
CVE-2019-17244
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEGLS+0x0000000000001d8a...
CVE-2018-19343
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faulting...
CVE-2024-38371
authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...
CVE-2024-46797
CVE-2024-46797: In the Linux kernel (PowerPC/MCS qspinlock), a deadlock can occur when an interrupt happens in queued_spin_lock_slowpath() after qnodesp->count is incremented but before node->lock is initialized. This can allow a CPU to see stale lock values and write the wrong qnode's nex...
CVE-2024-46797 powerpc/qspinlock: Fix deadlock in MCS queue
In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue. If an interrupt occurs in queued_spin_lock_slowpath after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values in get_tail_qnode. If the...
PT-2024-37678 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: Openshift Console (affected versions not specified). Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...
Red Hat OpenShift Security Feature Issue Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that stems from the OAuth2 protocol being vulnerable to cross-site request forge...