Lucene search
+L

38 matches found

osv
osv
added 2026/06/01 7:5 a.m.17 views

MAL-2026-5165 Malicious code in @emcd-vue/loans (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling. This package was published 90...

6.1AI score
Exploits0References6
ossf
ossf
added 2026/06/01 7:0 a.m.19 views

Malicious code in @emcd-vue/b2b-pay-form (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling under the "EMCD Platform...

6.6AI score
Exploits0References6
osv
osv
added 2026/06/01 7:0 a.m.9 views

MAL-2026-5164 Malicious code in @emcd-vue/b2b-pay-form (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to distribute multiple malicious packages posing as internal tooling under the "EMCD Platform...

6.6AI score
Exploits0References6
github
github
added 2026/05/05 6:57 p.m.12 views

PPTAgent: Arbitrary File Write via `save_generated_slides`

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...

4.6CVSS5.9AI score0.00198EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2008-4536

Malware in sbrugna...

8.5CVSS6.1AI score0.05061EPSS
Exploits1References12
osv
osv
added 2025/07/07 2:15 p.m.6 views

CVE-2023-51232

Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...

7.5CVSS5.8AI score0.00918EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 5:31 a.m.5 views

SUSE CVE-2014-0978

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file...

9.3CVSS7.3AI score0.04886EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2022/09/28 12:0 a.m.8 views

The vulnerability of the rcp.c component in the NetKit-rsh remote execution program allows a attacker to compromise data integrity.

The vulnerability of the rcp.c component in the NetKit-rsh remote execution program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to compromise data integrity using a dummy file name or the file name “.”...

7.1CVSS6.7AI score0.02067EPSS
Exploits1References6Affected Software2
checkpoint_advisories
checkpoint_advisories
added 2019/02/04 12:0 a.m.8 views

LibreOffice and Openoffice Remote Code Execution (CVE-2018-16858)

A remote code execution vulnerability has been reported in LibreOffice and Openoffice. The vulnerability is due to insufficient validation of a link reference in a DOT file when processing events in the application. Successful exploitation of this vulnerability could allow a remote attacker to...

7.5CVSS4.8AI score0.67321EPSS
Exploits10
osv
osv
added 2016/01/08 7:59 p.m.3 views

DEBIAN-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS4.1AI score0.00394EPSS
Exploits0References1
osv
osv
added 2016/01/08 7:59 p.m.7 views

UBUNTU-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS5.8AI score0.00394EPSS
Exploits0References3
prion
prion
added 2016/01/08 7:59 p.m.23 views

Code injection

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

2.1CVSS6.8AI score0.00394EPSS
Exploits0References7Affected Software3
ubuntucve
ubuntucve
added 2016/01/08 7:59 p.m.29 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS5.9AI score0.00394EPSS
Exploits0References2
debiancve
debiancve
added 2016/01/08 7:0 p.m.23 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

3.3CVSS3.7AI score0.00394EPSS
Exploits0
amazon
amazon
added 2014/02/03 12:0 a.m.39 views

Medium: graphviz-php

Issue Overview: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Affected Packages: graphviz-php Issue Correction: Run yum update graphviz-php or yum update --advisory...

9.3CVSS7.6AI score0.04886EPSS
Exploits1
ubuntu
ubuntu
added 2014/01/16 1:22 p.m.51 views

USN-2083-1: Graphviz vulnerabilities

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. CVE-2014-0978, CVE-2014-1235 It was discovered that Graphviz...

10CVSS6.9AI score0.06082EPSS
Exploits2
nvd
nvd
added 2014/01/10 5:55 p.m.23 views

CVE-2014-0978

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file...

9.3CVSS7.9AI score0.04886EPSS
Exploits1References12
osv
osv
added 2014/01/10 5:55 p.m.3 views

DEBIAN-CVE-2014-0978

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file...

9.3CVSS7.7AI score0.04886EPSS
Exploits1References1
osv
osv
added 2014/01/10 5:55 p.m.9 views

CVE-2014-0978

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file...

7.9AI score
Exploits0References13
prion
prion
added 2014/01/10 5:55 p.m.17 views

Stack overflow

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file...

9.3CVSS7.9AI score0.04886EPSS
Exploits1References12Affected Software1
Rows per page
Query Builder