CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

CVE-2025-49598

Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...

CVE-2024-3935

In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the...

CVE-2023-6367 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Roles

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting XSS vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to...

DRUPAL-CONTRIB-2023-053

The Xsendfile module enables fast transfer for private files in Drupal. In order to control private file downloads, the module overrides ImageStyleDownloadController, for which a vulnerability was disclosed in SA-CORE-2023-005. The Xsendfile module was still based on an insecure version of...

Input validation

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

Google Chrome < 118.0.5993.70 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 118.0.5993.70. It is, therefore, affected by multiple vulnerabilities as referenced in the 202310stable-channel-update-for-desktop10 advisory. - Use after free in Blink History in Google Chrome prior to 118.0.5993.70...

CVE-2022-24880

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he captcha.validate function would return None if passed no value e.g. by submitting an having an empty form. If implementing users...

CVE-2001-0850

The CVE-2001-0850 entry concerns a configuration error in the libdb1 package of OpenLinux 3.1. The vulnerability arises from insecure versions of snprintf and vsnprintf used by libdb1, which could allow local or remote users to trigger a buffer overflow. Affected software: OpenLinux 3.1 (libdb1)....