
8 matches found

Vulnrichment
added 2025/11/06 8:23 p.m., 9 views

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00016
Exploits: 1, References: 20
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-48036

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 8.6, EPSS: 0.00028
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:45 p.m., 2 views

CVE-2022-42125

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00418
Exploits: 0, References: 1
NVD
added 2023/01/20 7:15 a.m., 8 views

CVE-2023-20040

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group...

CVSS: 5.5, AI score: 5.7, EPSS: 0.01504
Exploits: 0, References: 1
Cvelist
added 2022/03/07 8:16 a.m., 15 views

CVE-2021-24825 Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...

AI score: 5, EPSS: 0.00089
Exploits: 2, References: 1
Debian CVE
added 2021/06/28 11:58 a.m., 17 views

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00762
Exploits: 0
ClickHouse
added 2019/09/10 12:0 a.m., 37 views

Fixed in ClickHouse Release 19.14.3.3, 2019-09-10 

An attacker that has write access to ZooKeeper and who can run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the...

CVSS: 4, AI score: 2.7, EPSS: 0.00408
Exploits: 0, Affected Software: 1
exploitpack
added 2009/08/18 12:0 a.m., 23 views

vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting

Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Vtiger CRM. Systems Affected: Vtiger CRM 5.0.4 and possibly earlier versions. Severity: Medium. Impact (CVSSv2): Medium...

AI score: 0.1
Exploits: 0