18 matches found
EUVD-2005-3123
Malware in sbrugna...
EUVD-2025-29020
Malicious code in bioql PyPI...
CVE-2025-6454
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
CVE-2025-6454
CVE-2025-6454 affects GitLab CE/EE: authenticated users can trigger Server-Side Request Forgery by injecting crafted sequences to make unintended internal requests through proxy environments. Impacted versions are 16.11 up to 18.1.5, 18.2 up to 18.2.5, and 18.3 up to 18.3.1 (i.e., before 18.1.6, ...
CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
PYSEC-2025-148
Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions...
SUSE CVE-2005-3123
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed...
SUSE CVE-2014-7940
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have...
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
...
USN-4747-1 screen vulnerability
Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code...
Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource...
Design/Logic Flaw
In Schneider Electric ClearSCADA 2014 R1 build 75.5210 and prior, 2014 R1.1 build 75.5387 and prior, 2015 R1 build 76.5648 and prior, and 2015 R2 build 77.5882 and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to...
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...