Lucene search
K

2664 matches found

Snyk
Snyk
added 2025/11/24 8:33 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 8:33 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Ubuntu
Ubuntu
added 2025/11/24 2:53 p.m.5 views

USN-7886-1: Python vulnerabilities

It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. CVE-2025-6075 Caleb Brown discovered that Python incorrectly handled the ZIP64 End ...

5.5CVSS6.8AI score0.00345EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:11 p.m.22 views

Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable

Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

7CVSS7.8AI score0.00181EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/11/18 4:15 p.m.3 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS0.00306EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/06 10:13 a.m.4 views

CVE-2025-6075

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

4CVSS7AI score0.00136EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.4 views

TencentOS Server 4: grafana-pcp (TSSA-2025:0833)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0833 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS6.7AI score0.00489EPSS
Exploits1References2
OSV
OSV
added 2025/11/03 9:49 p.m.4 views

GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics

Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...

5.3CVSS7AI score0.00251EPSS
Exploits0References4
OSV
OSV
added 2025/10/31 5:15 p.m.7 views

AZL-69628 CVE-2025-6075 affecting package python3 for versions less than 3.12.9-6

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

5.5CVSS6.4AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2025/10/31 5:15 p.m.3 views

UBUNTU-CVE-2025-6075

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

5.5CVSS6.4AI score0.00136EPSS
Exploits0References5
CVE
CVE
added 2025/10/31 4:41 p.m.45 views

CVE-2025-6075

CVE-2025-6075 affects Python’s os.path.expandvars() with user-controlled input, causing potential performance degradation during environment variable expansion. Connected advisories confirm this affects multiple Python versions and distributions, with patches available: Debian LTS DLA-4445-1 (pyt...

5.5CVSS6.5AI score0.00136EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.5 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython versions prior to 3.15.0, which stems from a user-controllable value passed to os.path.expandvars that could lead to degraded environment variable expansion performance...

5.5CVSS6.3AI score0.00136EPSS
Exploits0References8
Snyk
Snyk
added 2025/10/30 8:41 p.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path that are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...

7.5CVSS7.5AI score0.01129EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/30 5:4 p.m.12 views

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

8.8CVSS8.4AI score0.00778EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2025/10/30 5:4 p.m.3 views

GHSA-XGP7-7QJQ-VG47 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

8.8CVSS8.4AI score0.00778EPSS
Exploits3References5
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

sqls 安全漏洞

sqls is the sqls-server open source a SQL language server written in Go. A security vulnerability exists in sqls version 0.2.28, which stems from the openEditor function not cleaning up the EDITOR environment variable and configuration file path, which could lead to a command injection attack...

7.5CVSS7.5AI score0.01129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44455

Name of the Vulnerable Software and Affected Versions sqls-server/sqls version 0.2.28 Description sqls-server/sqls version 0.2.28 contains a command injection issue in the config command. The openEditor function passes the EDITOR environment variable and the config file path to sh -c without prop...

7.5CVSS7.8AI score0.01129EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/10/29 12:0 a.m.4 views

Siemens SIMATIC Devices Stack-based Buffer Overflow (CVE-2023-4911)

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS7.4AI score0.81422EPSS
Exploits26References7
Rows per page
Query Builder