CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

[SECURITY] Fedora 44 Update: rubygem-yard-0.9.40-2.fc44

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

PDPL Metric: Validating a Scale to Measure Personal Data Privacy Literacy among University Students

Personal data privacy literacy PDPL refers to a collection of digital literacy skills related to an individuals ability to understand, evaluate, and manage the collection, use, and protection of personal data in online and digital environments. This study introduces and validates a new psychometr...

Progress多款产品 代码注入漏洞

Progress Hybrid Data Pipeline and others are products of Progress, Inc.Progress Hybrid Data Pipeline is a data pipeline software.Progress Hybrid Data Pipeline Server is a data pipeline server. Progress DataDirect Connect for JDBC is a set of high-performance JDBC drivers. A code injection...

EUVD-2020-0554

Malware in sbrugna...

EUVD-2003-0559

Malware in sbrugna...

EUVD-2010-1339

Malware in sbrugna...

EUVD-2023-1884

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-39417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct...

CVE-2010-1310

Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages...

aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role

Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

CVE-2024-45037

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

BIT-CILIUM-OPERATOR-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

[SECURITY] Fedora 38 Update: rubygem-yard-0.9.36-1.fc38

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

ROS-20231009-03

PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...

CLSA-2023-1696537563 Fix CVE(s): CVE-2023-39417

SECURITY UPDATE: SQL injection when @extowner@, @extschema@, or @extschema:...@ appeared inside a quoting construct dollar quoting, '', or "" - debian/patches/CVE-2023-39417: reject substituting extension schemas or owners matching "$'. - CVE-2023-39417 -- Pavel Kopylov Fri, 15 Sep 2023 10:55:03...

CVE-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

The code uses assembly for memory allocation, which can be complex and prone to errors.

Lines of code Vulnerability details Impact The code uses assembly for memory allocation, which can be complex and prone to errors. Inefficient memory management can lead to gas inefficiency and potential vulnerabilities. Proof of Concept The code uses assembly for memory allocation, which can be...