363 matches found

OSV
added 2025/10/01 7:15 p.m., 3 views

DEBIAN-CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

2.9 CVSS, 6 AI score, 0.00122 EPSS
Exploits 0, References 1
CVE
added 2025/10/01 12:0 a.m., 24 views

CVE-2025-43718

CVE-2025-43718 affects Poppler 24.06.1 through 25.x before 25.04.0, where deeply nested PHP/PDF metadata parsing structures can trigger uncontrolled recursion in the regex executor, causing stack exhaustion and a SIGSEGV. The issue involves PDF metadata handling paths such as Dict::lookup and Cat...

2.9 CVSS, 6.6 AI score, 0.00122 EPSS
Exploits 0, References 2
Gitee
added 2025/09/06 12:58 a.m., 88 views

Exploit for Out-of-bounds Write in 7-Zip

This repository is an exploit module for CVE-2022-29072, a privilege escalation vulnerability in 7-Zip through version 21.07 on Windows. The vulnerability allows an attacker to execute commands with elevated privileges when a file with the .7z extension is dragged to the HelpContents area. The...

7.8 CVSS, 8.4 AI score, 0.01523 EPSS
Exploits 8
Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-18245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified checkload plugin to NRPE...

5.4 CVSS, 5.8 AI score, 0.02552 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system...

9.1 CVSS, 8.4 AI score, 0.02255 EPSS
Exploits 0, References 2
SUSE CVE
added 2025/08/21 11:22 p.m., 1 views

SUSE CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

6.5 CVSS, 7.4 AI score, 0.013 EPSS
Exploits 2, References 2
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in wicked-executor (npm)

The package wicked-executor was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in xeno-executor (npm)

The package xeno-executor was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 5 views

MAL-2025-39623 Malicious code in xeno-executor (npm)

The package xeno-executor was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-39262 Malicious code in wicked-executor (npm)

The package wicked-executor was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
Veracode
added 2025/08/14 7:46 a.m., 6 views

Prototype Pollution

@nyariv/sandboxjs is vulnerable to prototype pollution. The vulnerability is due to insufficient prototype access checks in the sandbox’s executor logic, particularly when handling JavaScript function objects, which allows an attacker to inject arbitrary properties into Object.prototype...

7 CVSS, 7 AI score, 0.00195 EPSS
Exploits 0, References 6, Affected Software 1
Snyk
added 2025/08/13 5:46 p.m., 2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ParseRequestURI function in the arguments.go file. An attacker can execute arbitrary operating system commands by supplying crafted input to the affected process. Remediation Upgrade...

8.8 CVSS, 7.6 AI score, 0.013 EPSS
Exploits 2, References 2
Cvelist
added 2025/08/13 12:0 a.m., 7 views

CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

0.013 EPSS
Exploits 2, References 3
OSV
added 2025/07/31 3:15 p.m., 3 views

CVE-2025-34146

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions = 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service DoS condition or, under certain conditions, escape the sandboxed environme...

7 CVSS, 6 AI score, 0.00195 EPSS
Exploits 0, References 4
vulnersOsv
added 2025/07/27 9:30 a.m., 3 views

agentengine (>=0.1.5 <=0.1.8), iflow-mcp-maxim-saplin-mcp-safe-local-python-executor (=0.1.0) +11 more potentially affected by CVE-2025-5120 via smolagents (>=0.1.3 <=1.16.1)

smolagents PYPI version =0.1.3, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.16.0, =0.0.1.dev0, =0.0.1, =0.3.0, =0.3.7 Source cves: CVE-2025-5120 Source advisory: OSV:GHSA-6V92-R5MX-H5FX...

10 CVSS, 7 AI score, 0.17653 EPSS
Exploits 1
OSV
added 2025/06/18 11:15 a.m., 1 views

UBUNTU-CVE-2022-50170

In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunitfiltertests It's possible that memory allocation for 'filtered' will fail, but for the copy of the suite to succeed. In this case, the copy could be leaked. Properly free 'cop...

5.5 CVSS, 5.7 AI score, 0.00195 EPSS
Exploits 0, References 5
Debian CVE
added 2025/06/18 11:3 a.m., 5 views

CVE-2022-50170

In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunitfiltertests It's possible that memory allocation for 'filtered' will fail, but for the copy of the suite to succeed. In this case, the copy could be leaked. Properly free 'cop...

5.5 CVSS, 5.5 AI score, 0.00195 EPSS
Exploits 0
Positive Technologies
added 2025/06/18 12:0 a.m., 3 views

PT-2025-26096

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue has been identified in the Linux kernel, specifically in the kunit: executor component. The problem occurs when memory allocation for 'filtered' fails, but the copy o...

5.5 CVSS, 6.1 AI score, 0.00195 EPSS
Exploits 0, References 14
VulnCheck KEV
added 2025/06/09 12:0 a.m., 3 views

VulnCheck KEV: CVE-2025-29085

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component...

9.8 CVSS, 6.3 AI score, 0.29125 EPSS
Exploits 0, References 1
Packet Storm News
added 2025/06/08 12:0 a.m., 9 views

MARVEL: Multi-Agent RTL Vulnerability Extraction Using Large Language Models

Hardware security verification is a challenging and time-consuming task. For this purpose, design engineers may utilize tools such as formal verification, linters, and functional simulation tests, coupled with analysis and a deep understanding of the hardware design being inspected. Large Languag...

7.3 AI score
Exploits 0