Advisory ROSA-SA-2026-3131

Software: bind 9.11.36 OS: ROSA Virtualization 2.1 unaffected versions = bind-9.11.36-16.rv3.6 affected versions bind-9.11.36-16.rv3.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...

MiracleLinux 8 : nodejs:14 (AXSA:2023-5289:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5289:01 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 glob-parent: Regular Expression Denial of Service CVE-2021-35065...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

RockyLinux 9 : nodejs:18 (RLSA-2023:2654)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...

ROS-20251113-07

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

ROS-20251113-06

The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...

EUVD-2017-6764

Malware in sbrugna...

EUVD-2022-5155

Malicious code in bioql PyPI...

EUVD-2024-2429

Malicious code in bioql PyPI...

Deserialization of Untrusted Data

Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the bundle/scripts.py file, which uses torch.load with weightsonly=True parameter. An attacker can execute arbitrary commands by...

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...

The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.

The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system relates to the loading of unreliable external data alongside reliable data. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

CVE-2025-48882

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

CVE-2023-22950

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...

CVE-2021-32925

admin/userimport.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities...

The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the fact that they allow the loading of unreliable external data alongside reliable data. This allows attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

The vulnerability of the data loading function from the arxiv scientific article archive in the GPT Academic machine learning application allows a hacker to perform an SSRF attack.

The vulnerability of the data loading function in the arxiv scientific article application for machine learning GPT Academic is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

BIT-NODE-MIN-2023-23920

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...