92 matches found
EUVD-2023-42881
Malicious code in bioql PyPI...
EUVD-2025-31407
Malicious code in bioql PyPI...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
The CVE-2025-3193 entry concerns algoliasearch-helper versions 2.0.0-rc1 through 3.11.2 (and earlier) with a Prototype Pollution in the _merge() function of merge.js. The underlying issue allows modification of constructor.prototype and, in an extreme edge-case where the resulting error is caught...
Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...
CVE-2025-39803 scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove WARNONONCE call from ufshcduiccmdcompl The UIC completion interrupt may be disabled while an UIC command is being processed. When the UIC completion interrupt is reenabled, an UIC interrupt is triggered an...
Fedora 42 : open62541 (2025-c2afaee8fe)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-c2afaee8fe advisory. Changes in v1.4.13: server: Cover edge-case in the EventFilter validation client: Cover edge-case in the UserTokenPolicy validation arch: Process delayed...
SUSE CVE-2025-23141
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...
CVE-2025-23141 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...
CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
SUSE CVE-2024-46829
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rtmutex::waitlock before scheduling rtmutexhandledeadlock is called with rtmutex::waitlock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless...
CVE-2024-34742
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An authentication bypass vulnerability exists in...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An authentication bypass vulnerability exists in...
DEBIAN-CVE-2024-35878
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf In ofmodalias, we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
CVE-2023-47247
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...
Users of ReraiseCrowdfund will potentially not receive appropriate voting power
Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings45 Comments To mitigate M-05, the sponsor has added a delay of one epoch when the available CVX balance is enough to cover the withdrawal: 81: uint256...
M-07 Unmitigated
Lines of code Vulnerability details Mitigation of M-07: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings38 Comments The changes related to this issue are: Access control has been added to AfEth::depositRewards using the onlyVotiumOrRewarder modifier. This functi...