EulerOS Virtualization 2.13.1 : python-ldap (EulerOS-SA-2025-2629)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

CVE-2024-58338

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

CVE-2024-58338

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

CVE-2024-58338

Anevia Flamingo XL 3.2.9 is affected by a restricted shell escape via the traceroute command. The underlying issue allows remote attackers to bypass the sandboxed login environment and inject shell commands, gaining full root access to the device. Documented impact includes full control and poten...

CVE-2024-58338 Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

CVE-2024-58338 Anevia Flamingo XL 3.2.9 Remote Root Jailbreak via Traceroute Command

Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the...

Composer is vulnerable to ANSI sequence injection

Impact Attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit...

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

OESA-2025-2904 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A vulnerability was found in GNOME GLib...

OESA-2025-2903 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A vulnerability was found in GNOME GLib...

OESA-2025-2901 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: A vulnerability was found in GNOME GLib...

Exploit for Incorrect Permission Assignment for Critical Resource in Fastgpt

CVE-2025-49131 - FastGPT Sandbox Escape POC ███████╗ ███...

CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Affected software: Whale browser (pre-4.35.351.12). Vulnerability: iframe sandbox escape in a sidebar environment. Root cause / impact: An attacker could escape the iframe sandbox, potentially bypassing security restrictions associated with the sandboxed context. The CVE entry and connected advis...

Naver Whale Browser 安全漏洞

Naver Whale Browser is a web browser from Naver, a Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.35.351.12, which originates from an iframe sandbox escape in the sidebar environment...

PT-2025-53834

Name of the Vulnerable Software and Affected Versions Whale browser versions prior to 4.35.351.12 Description The Whale browser is susceptible to an iframe sandbox escape in a sidebar environment. An attacker can leverage this to bypass security restrictions imposed by the iframe sandbox...

Exploit for Improper Encoding or Escaping of Output in Git

CVE-2024-52005: ANSI Escape Sequence Injection in Git Over...