2668 matches found
EUVD-2025-25632
Malicious code in bioql PyPI...
EUVD-2024-37634
Malicious code in bioql PyPI...
EUVD-2024-47368
Malicious code in bioql PyPI...
EUVD-2025-29841
Malicious code in bioql PyPI...
EUVD-2025-24827
Malicious code in bioql PyPI...
SUSE CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
GHSA-25QH-J22F-PWP8 QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226
CVE-2025-11226 is an ACE vulnerability in logback-core’s conditional configuration file processing. The attackable path is present in Java applications using logback-core versions up to 1.5.18 (some sources reference up to 1.5.34); exploitation can enable arbitrary code execution by compromising ...
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...
NewStart CGSL MAIN 6.06 : dbus Multiple Vulnerabilities (NS-SA-2025-0231)
The remote NewStart CGSL host, running version MAIN 6.06, has dbus packages installed that are affected by multiple vulnerabilities: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses o...
XML Injection
Overview Affected versions of this package are vulnerable to XML Injection when processing XML data with tags containing references to system properties or environment variables. An attacker can access sensitive information, such as credentials, file paths, or system configuration details, by...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update
New Red Hat build of Keycloak 26.2.9 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update
New images are available for Red Hat build of Keycloak 26.2.9 and Red Hat build of Keycloak 26.2.9 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...
CVE-2025-10634
A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminaladdr/serverip/serverport causes command injection. The atta...