187 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-0969

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.02086
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-55319

Malicious code in bioql PyPI...

AI score 5.7 | EPSS 0.00049
Exploits: 0 | References: 3

Rockylinux
added 2025/10/03 7:56 p.m. | 3 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

CVSS 8.7 | AI score 8.1 | EPSS 0.00125
Exploits: 0

vulnersOsv
added 2025/09/18 1:2 p.m. | 5 views

10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1043 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)

expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.0.9, =0.0.1, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.1 - @alphalang-ai/alphalang =0.0.1-alpha and more Source cves: CVE-2025-13204 Source advisory: SNYK:JS-EXPREVAL-13508636...

CVSS 7.3 | AI score 5.8 | EPSS 0.00056
Exploits: 1

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in @zalastax/nolb-expr- (npm)

The package @zalastax/nolb-expr- was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in @zalastax/nolb-expr (npm)

The package @zalastax/nolb-expr was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-43214 Malicious code in @zalastax/nolb-expr (npm)

The package @zalastax/nolb-expr was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-43215 Malicious code in @zalastax/nolb-expr- (npm)

The package @zalastax/nolb-expr- was found to contain malicious code...

AI score 7
Exploits: 0

Microsoft CVE
added 2025/09/04 3:25 a.m. | 3 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.

...

CVSS 5.5 | AI score 7 | EPSS 0.00137
Exploits: 1

Microsoft CVE
added 2025/09/04 3:23 a.m. | 4 views

An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.

...

CVSS 5.5 | AI score 7 | EPSS 0.00137
Exploits: 1

Microsoft CVE
added 2025/09/03 10:2 p.m. | 6 views

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

...

CVSS 5.5 | AI score 7 | EPSS 0.00374
Exploits: 3

NVD
added 2025/07/23 2:15 p.m. | 2 views

CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

CVSS 6.3 | EPSS 0.00924
Exploits: 0 | References: 4

Cvelist
added 2025/07/23 1:19 p.m. | 5 views

CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

EPSS 0.00924
Exploits: 0 | References: 1

Positive Technologies
added 2025/07/16 12:0 a.m. | 6 views

PT-2025-30579

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.64. Description: A flaw exists in Apache HTTP Server where all "RewriteCond expr ..." tests evaluate as true. Recommendations: Upgrade to version 2.4.65...

CVSS 9.1 | AI score 7.5 | EPSS 0.03545
Exploits: 2 | References: 76

IBM Security Bulletins
added 2025/06/13 10:18 a.m. | 12 views

Security Bulletin: The Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression, affects watsonx.data

Summary: In scenarios where input size isn't limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to excessive memory usage and an Out-Of-Memory (OOM) crash of the process. This issue is relatively uncomm...

CVSS 7.5 | AI score 7.4 | EPSS 0.00095
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/05/13 1:53 p.m. | 4 views

github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory (OOM) crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree (AST), consuming excessive memo...

CVSS 7.5 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 6

Amazon
added 2025/05/13 12:0 a.m. | 14 views

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 9.1 | EPSS 0.00294
Exploits: 0

Amazon
added 2025/05/13 12:0 a.m. | 2 views

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 7.9 | EPSS 0.00294
Exploits: 0

Amazon
added 2025/05/13 12:0 a.m. | 5 views

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.8 | EPSS 0.00294
Exploits: 0

Tenable Nessus
added 2025/04/09 12:0 a.m. | 8 views

CBL Mariner 2.0 Security Update: coredns / ig / keda (CVE-2025-29786)

The version of coredns / ig / keda installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29786 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...

CVSS 7.5 | AI score 7.3 | EPSS 0.00095
Exploits: 0 | References: 2