Server-side Request Forgery (SSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseurl, prepareimage and openaiaudiototext functions. An attacker can access internal resources and potentially exfiltra...

EUVD-2019-7881

Malware in sbrugna...

EUVD-2020-2720

Malware in sbrugna...

EUVD-2023-59720

Malicious code in bioql PyPI...

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

The design defect of the ActivePool rehypothecation mechanism, ReaperVaultV2 administrators have too much authority and have the conditions and motives to do evil, so make users lack trust in the ETHOS system (crisis of trust)

Lines of code Vulnerability details Impact In the design logic of the current system, ActivePool holds all the collaterals of active troves and deposits part of them in ReaperVaultV2 for re-mortgaging. If the deposit and withdraw functions of ReaperVaultV2 revert, Core functions such as borrowing...

CVE-2019-20811

An issue was discovered in the Linux kernel before 5.0.6. In rxqueueaddkobject and netdevqueueaddkobject in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c...

The vulnerability of the libld component in the library that handles system calls and core functions, glibc, allows a perpetrator to execute arbitrary code.

The vulnerability of the libld component in the library that provides system calls and core functions in glibc is related to insufficient input data validation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted ELF file...

The vulnerability of the memalign function in libraries that handle system calls and core glibc functions allows a attacker to cause a service failure.

The vulnerability of the memalign function in libraries that handle system calls and core glibc functions arises from a cyclic shift of pointers, which leads to memory overflow. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure...

Lynis 2.3.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities

OVERVIEW Independent researcher Billy Rios has identified vulnerabilities in Hospira’s Plum A+ Infusion System that are similar to vulnerabilities identified in Hospira’s LifeCare PCA Infusion System discussed in advisory, ICSA-15-125-01B Hospira LifeCare PCA Infusion System Vulnerabilities...

CVE-2014-1609

Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the 1 mcprojectgetattachments function in api/soap/mcprojectapi.php; the 2 newsgetlimitedrows function in core/newsapi.php; the 3...