
74 matches found

CVE
added 2026/03/27 6:16 p.m. | 6 views

CVE-2025-15612

CVE-2025-15612 concerns Wazuh provisioning scripts and Dockerfiles where curl is invoked with -k/--insecure, skipping SSL/TLS certificate validation. The concrete details across connected documents show: affected component is the provisioning/build infrastructure; root cause is insecure transport...

8.1 CVSS | 6.5 AI score | 0.00074 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/27 6:16 p.m. | 21 views

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

6.3 CVSS | 0.00074 EPSS
Exploits: 1 | References: 2
OSV
added 2026/03/05 2:16 a.m. | 3 views

AZL-79280 CVE-2026-3381 affecting package openjpeg2 2.3.1-12

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

9.8 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2013-0039

Malware in sbrugna...

10 CVSS | 6.1 AI score | 0.00675 EPSS
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-4067

Malware in sbrugna...

9.8 CVSS | 9 AI score | 0.00528 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-0045

Malware in sbrugna...

9.1 CVSS | 9 AI score | 0.00372 EPSS
Exploits: 0 | References: 6
Packet Storm News
added 2025/05/12 12:0 a.m. | 4 views

LM-Scout: Analyzing the Security of Language Model Integration in Android Apps

Developers are increasingly integrating Language Models (LMs) into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input length, and allowed topics. However, if the LM integration...

7.3 AI score
Exploits: 0
RedhatCVE
added 2025/02/05 10:50 a.m. | 4 views

CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8 CVSS | 7 AI score | 0.00381 EPSS
Exploits: 0 | References: 1
NVD
added 2024/11/21 5:15 p.m. | 9 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

9.8 CVSS | 0.03243 EPSS
Exploits: 1 | References: 3
Veracode
added 2024/08/05 7:21 a.m. | 9 views

Account Manipulation

github.com/navidrome/navidrome is vulnerable to Account Manipulation. The vulnerability is due to the insecure usage of the MD5 hashing algorithm to generate Gravatar URLs, which allows attackers to change another user's information under a controlled email address...

9.1 CVSS | 6.5 AI score | 0.00188 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2024/04/23 11:37 a.m. | 30 views

Sandbox Escape

@hoppscotch/cli is vulnerable to Sandbox Escape. The vulnerability is due to the insecure usage of the Node.js vm module, which allows untrusted JavaScript code to break out of the sandbox. It allows an attacker to gain access to references to objects created outside of the vm context...

8.3 CVSS | 7.5 AI score | 0.00162 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
CISA KEV Catalog
added 2023/09/18 12:0 a.m. | 28 views

Laravel Ignition File Upload Vulnerability

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents and file_put_contents...

9.8 CVSS | 7.7 AI score | 0.94287 EPSS
In wild | Exploits: 36
Cvelist
added 2023/09/12 7:48 p.m. | 14 views

CVE-2023-41036 Macvim's Insecure Usage of IPC Mechanisms

Macvim is a text editor for macOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What...

7.8 CVSS | 7.7 AI score | 0.00127 EPSS
Exploits: 1 | References: 4
Prion
added 2022/12/05 9:15 p.m. | 14 views

Default credentials

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like system.conf and passwd. This occurs because of the insecure usage of the "fopen" system function with the mode "wb" which allow...

7.5 CVSS | 9.6 AI score | 0.00877 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2022/07/15 8:15 p.m. | 19 views

CVE-2022-25858

Versions of the package terser before 4.8.1, and from 5.0.0 and before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions...

7.5 CVSS | 0.03719 EPSS
Exploits: 1 | References: 5
UbuntuCve
added 2022/07/15 8:15 p.m. | 47 views

CVE-2022-25858

Versions of the package terser before 4.8.1, and from 5.0.0 and before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions...

7.5 CVSS | 6.8 AI score | 0.03719 EPSS
Exploits: 1 | References: 6
CNNVD
added 2022/07/11 12:0 a.m. | 2 views

orchest Path Traversal Vulnerability

orchest is an open source repository from Orchest, used to build data pipelines. A path traversal vulnerability exists in versions prior to orchest v2022.05.0, which stems from insecure use of the Flask send_file function...

9.3 CVSS | 8.3 AI score | 0.00582 EPSS
Exploits: 1 | References: 4
CNNVD
added 2022/07/07 12:0 a.m. | 4 views

GFI Mail Archiver Code Issue Vulnerability

GFI Mail Archiver is used by GFI Malta to easily protect, store and retrieve electronic communications. A security vulnerability exists in GFI Mail Archiver version 15.1, which stems from the insecure use of the Telerik Web UI plugin affected by CVE-2014-2217 and CVE-2017-11317, which can be...

9.8 CVSS | 8.4 AI score | 0.03561 EPSS
Exploits: 8 | References: 6
OSV
added 2022/07/02 12:0 a.m. | 3 views

GHSA-8JMW-WJR8-2X66 Command injection in git-clone

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Credits: Credit to @lirantal for discovering this vulnerability...

8.1 CVSS | 5.9 AI score | 0.04697 EPSS
Exploits: 1 | References: 5
Cvelist
added 2022/07/01 8:5 p.m. | 17 views

CVE-2022-25900 Command Injection

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

8.1 CVSS | 9.9 AI score | 0.04697 EPSS
Exploits: 1 | References: 2