4057 matches found
EUVD-2020-7784
Malware in sbrugna...
EUVD-2019-6418
Malware in sbrugna...
EUVD-2020-25347
Malware in sbrugna...
EUVD-2023-25266
Malicious code in bioql PyPI...
EUVD-2025-20214
Malicious code in bioql PyPI...
EUVD-2023-1140
Malicious code in bioql PyPI...
EUVD-2022-25734
Malicious code in bioql PyPI...
Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)
Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations CVE-2025-40909. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...
Linux Distros Unpatched Vulnerability : CVE-2024-40673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1964)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...
BIT-LIBPYTHON-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...
GHSA-JJPH-296X-MRCR Transformers vulnerable to ReDoS attack through its get_imports() function
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
Transformers vulnerable to ReDoS attack through its get_imports() function
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically in the getimports function within dynamicmoduleutils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...
CVE-2025-3264
CVE-2025-3264 (Hugging Face Transformers) is a ReDoS in get_imports() of dynamic_module_utils.py. The issue stems from a regex used to filter out Python try/except blocks: \stry\s :.?except. ?:, which can cause catastrophic backtracking and excessive CPU usage. Affected versions are 4.49.0; fixed...
DEBIAN-CVE-2025-40909
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...
CVE-2022-20419
In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...