14 matches found
EUVD-2017-17266
Malware in sbrugna...
EUVD-2025-0011
Malicious code in bioql PyPI...
CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2021-41248
GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
Peplink Smart Reader /bin/login privilege escalation vulnerability
Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted...
No permission checks for editing/deleting records with CSV import form
Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...
Credential Disclosure Through Logs
github.com/ydb-platform/ydb-go-sdk is vulnerable to Information Disclosure. The vulnerability is due to a custom implementation of the credentials interface. During logging, the credentials are directly serialized into the error message. If an application defines a custom credential interface, an...
CVE-2023-41051
In a typical Virtual Machine Monitor VMM there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...
PT-2023-27763 · Vm-Memory +1 · Vm-Memory +1
Name of the Vulnerable Software and Affected Versions: vm-memory versions 0.1.0 through 0.12.1 Description: An issue was discovered in the default implementations of the VolatileMemory::get atomic ref, aligned as ref, aligned as mut, get ref, get array ref trait functions, which allows...
Lack of Access Control
Lines of code Vulnerability details Impact The contract does not enforce proper access control mechanisms for critical functions such as deployWithdrawVault, deployNodeELRewardVault, updateStaderConfig, and updateVaultProxyAddress. As a result, any address can call these functions and potentially...
MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...
bespoke Cell implementation allows obtaining several mutable references to the same data
The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...
Mail Security Testing Framework
Mail Security Testing Framework is a testing framework for mail security and filtering solutions. The mail security testing framework works with with Python =3.5. Just pull this repository and go ahead. No further dependencies are required. Usage The script mail-tester.py runs the tests. Read the...