GHSA-PW8R-6689-XVF4 Angular Expressions - Remote Code Execution using filters
Impact: An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require("angular-expressions"); const result = expressions.compile("a | proto", {}); This should throw the error: Filter 'proto' is not...
Security update for python313
This update for python313 fixes the following issues: Update to 3.13.9: CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars (bsc#1252974). CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305). Other...
MAL-2025-13903 Malicious code in a-lbum-do-wnload-avai-lable-file-105412-gilberto-gil-yhd80-ckwsmo (npm)
The package a-lbum-do-wnload-avai-lable-file-105412-gilberto-gil-yhd80-ckwsmo was found to contain malicious code...
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating ...
SUPREMO 4.1.3.2348 Privilege Escalation
Details: Subject: Local Privilege Escalation; Product: SUPREMO by Nanosystems S.r.l.; Vendor Homepage: https://www.supremocontrol.com/; Vendor Status: fixed version released; Vulnerable Version: 4.1.3.2348. No other version was tested, but it is believed that older versions are also...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
Out-of-bounds
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read...
DEBIAN-CVE-2019-6246
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an...
CVE-2019-6246
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read...
PT-2019-18051 · Boost +3
Name of the Vulnerable Software and Affected Versions: svgpp version 1.2.3. Description: An issue was discovered in the Generic Image Library in Boost, where after calling the gil::get_color function, the return code is used as an address. This leads to an Access Violation due to an out-of-bounds...
Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
Adobe released a patch for a critical flaw on Tuesday that leaves its Flash Player vulnerable to arbitrary code execution by an adversary. Affected are versions of the Flash Player running on Windows, macOS, Linux and Chrome OS. In tandem, a Microsoft Security Advisory was also issued for the bug...
gil-design.com XSS vulnerability
Open Bug Bounty ID: OBB-572580. Affected Website: gil-design.com; Open Bug Bounty Program: Not created yet; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)...
gil-design.com XSS vulnerability
Open Bug Bounty ID: OBB-571799. Affected Website: gil-design.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Disclosure Standard: Coordinated Disclosure base...
gil-design.com XSS vulnerability
Open Bug Bounty ID: OBB-570210. Affected Website: gil-design.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Disclosure Standard: Coordinated Disclosure base...
gil-design.com XSS vulnerability
Open Bug Bounty ID: OBB-540039. Affected Website: gil-design.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)
Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org, but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of the issue is basically:...
Storage API - Moderately Critical - Access Bypass - SA-CONTRIB-2015-114
The Storage API module creates an underlying agnostic storage layer for Drupal using many different underlying storage methods. Storage API can be used to create fields for entities to hold data. The module failed to restrict access to the Storage API fields attached to entities that are not node...
Windows Media Player AIFF Divide By Zero Exception DoS PoC
Windows Media Player AIFF Divide By Zero Exception DoS PoC by Hong Gil-Dong, Jeon Woo-chi. Jeong Ji-Sang (?–1135) was one of the most famous Korean poets. This poem expresses the sadness of saying goodbye.