Lucene search

7 matches found

OSV
added 2026/03/05 9:30 p.m. · 4 views

GHSA-V2XR-WVRV-P969 RAGAS has an Arbitrary File Read vulnerability

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

CVSS 8.7 · AI score 5.8 · EPSS 0.00517
Exploits: 1 · References: 7
BDU FSTEC
added 2025/05/19 12:0 a.m. · 2 views

The vulnerability of Microsoft Excel spreadsheet editors in Microsoft Office packages and Microsoft 365 Apps for Enterprise allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Excel spreadsheets within Microsoft Office products and Microsoft 365 Apps for Enterprise exists due to the presence of invalid references or links in Microsoft Excel files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.6 · EPSS 0.00464
Exploits: 0 · References: 3
OSV
added 2024/05/17 2:15 p.m. · 3 views

UBUNTU-CVE-2024-35838

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak. When a station is allocated, links are added but not set to valid yet e.g. during connection to an AP MLD, we might remove the station without ever marking links valid, and leak them. F...

CVSS 5.5 · AI score 6.2 · EPSS 0.00219
Exploits: 0 · References: 15
Positive Technologies
added 2023/11/07 12:0 a.m. · 4 views

PT-2025-18877 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference issue has been resolved in the Linux kernel. The issue occurred when the link was created by userspace but not activated yet, resulting in a chandef that is...

CVSS 8.8 · AI score 7.7 · EPSS 0.16642
Exploits: 11 · References: 473
Microsoft CVE
added 2023/07/04 7:0 a.m. · 4 views

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.

...

CVSS 5.3 · AI score 6.4 · EPSS 0.02637
Exploits: 0
OSV
added 2022/04/11 8:15 p.m. · 1 views

UBUNTU-CVE-2022-1157

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged...

CVSS 2.6 · AI score 5.8 · EPSS 0.00602
Exploits: 0 · References: 2
Hacker One
added 2021/08/06 10:50 a.m. · 16 views

Khan Academy: The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack.

Summary: The endpoint /api/internal/graphql/requestAuthEmail on www.khanacademy.org is vulnerable to a Race condition attack. That may cause a random e-mail user to receive an important amount of emails to Finish signing up for Khan Academy with invalid links. The attack is because your web...

AI score 7
Exploits: 0