35 matches found
CVE-2025-31973 HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment...
CVE-2025-31973
Technical details for CVE-2025-31973 are not publicly available in the provided documents. Monitor for updates.
jsonwebtoken has insecure input validation in jwt.verify function
Overview: For versions <=8.5.1 of the jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can gain remote code execution (RCE). Am I affected? This security issue...
OnyxForum Path Traversal Vulnerability
OnyxForum is an open source forum repository for Space Station 13: Chaotic Onyx. A path traversal vulnerability exists in versions of OnyxForum prior to 2022-05-04, which stems from insecure use of the Flask send_file function...
python-flask-restful-api Path Traversal Vulnerability
python-flask-restful-api is a Python interface repository by the individual developer Akash Talole in India. A security vulnerability exists in python-flask-restful-api, which stems from insecure use of the Flask send_file function...
SWHKD has unspecified vulnerabilities (CNVD-2022-43218)
SWHKD is a display protocol-independent hotkey daemon made with Rust. A security vulnerability exists in SWHKD, which stems from the insecure use of the /tmp/swhkd.sock pathname. An attacker could exploit the vulnerability to obtain sensitive information or launch a denial-of-service attack...
Mageia: Security Advisory (MGASA-2017-0251)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2020-15258 Insecure use of shell.openExternal in Wire
In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victim's machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The...
Hyland OnBase XML Deserialization Library Insecure Use Vulnerability
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase is vulnerable to an unsafe use of the XML deserialization library. No vulnerability details are provided at this time...
CVE-2019-18899 apt-cacher-ng insecure use of /run/apt-cacher-ng
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in the user-owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1...
SUSE SLED15 / SLES15 Security Update : bubblewrap (SUSE-SU-2019:1826-1)
This update for bubblewrap fixes the following issues: Security issue fixed: CVE-2019-12439: Fixed insecure use of /tmp (bsc#1136958). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...
SUSE-SU-2019:1826-1 Security update for bubblewrap
This update for bubblewrap fixes the following issues: Security issue fixed: - CVE-2019-12439: Fixed insecure use of /tmp (bsc#1136958)...
CVE-2019-10135
A flaw was found in the yaml.load function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files...
Design/Logic Flaw
A flaw was found in the yaml.load function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files...
Debian: Security Advisory (DLA-1031-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
RuboCop gem Insecure use of /tmp
RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users...
Arbitrary File Creation Via A Race Condition
didjvu allows malicious local users to create arbitrary files due to insecure use of /tmp. didjvu creates a unique temporary file directly in /tmp or in $TMPDIR, and passes the name of this file to c44, which will then be used as the output filename. Unfortunately, c44 deletes the output file, an...
JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an...
LinPHA 0.9.x/1.0 sec_stage_install.php language Parameter Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in multiple scripts. The PHP...
LinPHA 0.9.x/1.0 forth_stage_install.php language Variable POST Method Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in multiple scripts. The PHP...