Unsafe Dependency Resolution
Overview: kedro. Kedro helps you build production-ready data and analytics pipelines. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the pull_package API function. An attacker can execute arbitrary commands on the victim's machine by exploiting the...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) through the runtool command, which exposes classes in the water.tools package via the ast parser. An attacker can shut down the server and write large files to arbitrary directories by exploiting the...
adclaw (>=1.0.0 <=1.0.4), agentloop-sdk (>=0.3.0 <=0.4.0) +23 more potentially affected by CVE-2024-8524 via agentscope (>=1.0.10 <=1.0.19.post1)
agentscope PYPI version =1.0.10, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.0, =0.1.2 and more Source cves: CVE-2024-8524 Source advisory: OSV:PYSEC-2025-83...
Security update for tiff
This update for tiff fixes the following issues: CVE-2023-25435: Heap-buffer-overflow in extractContigSamplesShifted8bits in tiffcrop.c (bsc#1212607). CVE-2023-52356: Segment fault in libtiff in TIFFReadRGBATileExt leading to denial of service (bsc#1219213). Other bugfixes: Fixed tiff build issue on...
DEBIAN-CVE-2025-21754
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort. If a transaction abort happens while we are doing a direct IO write, we mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag done at...
CVE-2025-1225
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...
CVE-2024-5792
The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
OSV-2024-1427 Heap-buffer-overflow in extract_mediaip
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391975654 Crash type: Heap-buffer-overflow READ 1 Crash state: extract_mediaip parse_sdp_session parse_mixed_content...
PT-2025-5652 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions extract_mediaip, parse_sdp_session, and parse_mixed_content. No...
OSV-2024-1424 Heap-buffer-overflow in extract_candidate
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391689728 Crash type: Heap-buffer-overflow READ 8 Crash state: extract_candidate parse_sdp_session parse_mixed_content...
PT-2025-5651 · Git +1 · Kamailio
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 8 crash has been reported. The crash occurs in the following functions: extract_candidate, parse_sdp_session, and parse_mixed...
WordPress plugin استخراج محصولات ووکامرس برای آیسی Cross-Site Scripting Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
SUSE CVE-2024-47546
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction...
EUVD-2024-3441
python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...
CVE-2024-55587
python-libarchive through 4.2.1 allows directory traversal to create files in extract in zip.py for ZipFile.extractall and ZipFile.extract...
Visteon Infotainment OS Command Injection Vulnerability
Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from an operating system command injection vulnerability that stems from an improper system call to the UPDATES_ExtractFile function when handling a specially crafted software update...
Allegra Path Traversal Vulnerability
Allegra is project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the extarctZippedFile feature containing a directory traversal remote code execution vulnerability...
Visteon Infotainment OS Command Injection Vulnerability
Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from an operating system command injection vulnerability that stems from an improper system call to the REFLASH_DDU_ExtractFile function when handling a specially crafted software update...
OSV-2024-1332 Negative-size-param in extract_mr_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379768247 Crash type: Negative-size-param Crash state: extract_mr_data parse_mr_string readstat_parse_sav...