
160 matches found

OSV (added 2025/11/20 5:36 p.m., 4 views)

GHSA-73G8-5H73-26H4 @hpke/core reuses AEAD nonces

Summary: The public SenderContext Seal API has a race condition which allows the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of confidentiality and integrity of the produced messages. Details: The SenderContext Seal implementation allows for concurrent...

CVSS 9.1, AI score 6.9, EPSS 0.0003
Exploits: 0, References: 5

OSV (added 2025/10/27 12:15 a.m., 0 views)

UBUNTU-CVE-2025-11971

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits...

CVSS 6.5, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 2

EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2019-11469

Malware in sbrugna...

CVSS 8.8, AI score 8.5, EPSS 0.00991
Exploits: 1, References: 7

EUVD (added 2025/10/03 8:07 p.m., 5 views)

EUVD-2025-26739

Malicious code in bioql PyPI...

AI score 6.3, EPSS 0.00024
Exploits: 0, References: 5

EUVD (added 2025/10/03 8:07 p.m., 1 view)

EUVD-2023-2800

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00327
Exploits: 0, References: 5

EUVD (added 2025/10/03 8:07 p.m., 1 view)

EUVD-2024-0838

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00043
Exploits: 0, References: 4

Tenable Nessus (added 2025/08/30 12:00 a.m., 2 views)

Linux Distros Unpatched Vulnerability : CVE-2022-28736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - There is a use-after-free vulnerability in the grub_cmd_chainloader function; the chainloader command is used to boot up operating systems that don't support multibo...

CVSS 7.8, AI score 7.3, EPSS 0.00034
Exploits: 0, References: 2

NVD (added 2025/07/03 8:15 p.m., 3 views)

CVE-2025-52554

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...

CVSS 4.9, EPSS 0.00327
Exploits: 0, References: 4

CNNVD (added 2025/07/03 12:00 a.m., 2 views)

n8n security vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions prior to 1.99.1, which stems from an authorization vulnerability in the /rest/executions/:id/stop endpoint that could lead to a business interruption...

CVSS 4.9, AI score 6.3, EPSS 0.00327
Exploits: 0, References: 4

RedhatCVE (added 2025/05/22 10:38 a.m., 4 views)

CVE-2019-25016

In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue...

CVSS 8.8, AI score 7.1, EPSS 0.00991
Exploits: 1, References: 1

Snyk (added 2025/05/14 5:35 p.m., 2 views)

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

CVSS 8.3, AI score 7.5
Exploits: 0, References: 2

Snyk (added 2025/05/14 5:35 p.m., 1 view)

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

CVSS 8.3, AI score 7.5
Exploits: 0, References: 2

CNNVD (added 2025/04/14 12:00 a.m., 2 views)

SoftCOM iKSORIS cross-site scripting vulnerability

SoftCOM iKSORIS is an application from SoftCOM, Inc. A cross-site scripting vulnerability exists in SoftCOM iKSORIS versions prior to 79.0, which stems from a reflected cross-site scripting attack that could lead to multiple executions of a malicious script...

CVSS 5.4, AI score 6.2, EPSS 0.00283
Exploits: 0, References: 3

NVD (added 2024/07/31 4:15 p.m., 13 views)

CVE-2024-41950

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja...

CVSS 7.5, EPSS 0.03008
Exploits: 0, References: 6

Veracode (added 2024/07/22 5:22 p.m., 13 views)

SQL Injection

1Panel is vulnerable to SQL Injection. The vulnerability is due to insufficient filtering of inputs, leading to arbitrary file writes and remote code executions (RCEs)...

CVSS 9.8, AI score 8.3, EPSS 0.84212
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment (added 2024/03/25 7:45 p.m., 12 views)

CVE-2024-28244 KaTeX's maxExpand bypassed by Unicode sub/superscripts

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...

CVSS 6.5, AI score 7.1, EPSS 0.00179
Exploits: 0, References: 2

Cvelist (added 2024/03/15 7:25 p.m., 23 views)

CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on a simple YAML-based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

CVSS 7.4, AI score 7.7, EPSS 0.00362
Exploits: 0, References: 5

Veracode (added 2024/03/12 6:32 a.m., 15 views)

Cross Site Request Forgery (CSRF)

org.jenkins-ci.plugins:docker-build-step is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to inadequate validation of user inputs, allowing attackers to connect to an attacker-specified TCP or Unix socket URL and reconfigure the plugin using provided connection test...

CVSS 6.1, AI score 6.8, EPSS 0.00043
Exploits: 0, References: 2, Affected Software: 1

OpenVAS (added 2024/03/12 12:00 a.m., 12 views)

QNAP QuTS hero Multiple OS Command Injection Vulnerabilities (QSA-24-12)

QNAP QuTS hero is prone to multiple OS command injection vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8, AI score 7.4, EPSS 0.00088
Exploits: 0, References: 1

OpenVAS (added 2024/03/11 12:00 a.m., 13 views)

QNAP QTS Multiple OS Command Injection Vulnerabilities (QSA-24-12)

QNAP QTS is prone to multiple OS command injection vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...

CVSS 8.8, AI score 9, EPSS 0.00088
Exploits: 0, References: 1