16 matches found
CVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...
PT-2025-45034
Name of the Vulnerable Software and Affected Versions Salesforce Agentforce Vibes Extension versions prior to 3.2.0 Description An issue exists in Salesforce Agentforce Vibes Extension related to improper neutralization of input used for LLM prompting, potentially allowing manipulation of writabl...
PT-2025-45031
Name of the Vulnerable Software and Affected Versions Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6 Description An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which allows manipulation of writab...
UBUNTU-CVE-2025-12207
A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may...
UBUNTU-CVE-2025-12206
A flaw has been found in Kamailio 5.5. The impacted element is the function rveisconstant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this...
CVE-2025-12206 Kamailio rvalue.c rve_is_constant null pointer dereference
A flaw has been found in Kamailio 5.5. The impacted element is the function rveisconstant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this...
EUVD-2008-1370
Malware in sbrugna...
EUVD-2022-6861
Malicious code in bioql PyPI...
EUVD-2022-29051
Malicious code in bioql PyPI...
GHSA-5478-V2W6-C6Q7 Duplicate Advisory: Keras arbitrary code execution vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48g7-3x6r-xfhp. This link is maintained to preserve external references. Original Description The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually...
Duplicate Advisory: Keras arbitrary code execution vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48g7-3x6r-xfhp. This link is maintained to preserve external references. Original Description The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually...
PYSEC-2025-122
The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
CVE-2025-1550 Arbitrary Code Execution via Crafted Keras Config for Model Loading
The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
CVE-2025-1550
The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
CVE-2017-12778
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...