
632 matches found

Cvelist
added 2026/02/19 2:58 p.m., 16 views

CVE-2025-71250

...

Exploits 0
CVE
added 2026/02/19 2:58 p.m., 5 views

CVE-2025-71250

SPIP before 4.4.9 is affected by an Insecure Deserialization via the table_valeur filter and the DATA iterator, which accept serialized data. An attacker with prior access or another vulnerability can trigger arbitrary object instantiation and potentially code execution. The use of serialized dat...

6 AI score
Exploits 0
CNNVD
added 2026/02/19 12:0 a.m., 4 views

SPIP Security Vulnerability

SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability. This vulnerability stemmed from the table_valeur filter and the DATA iterator accepting serialized data, which could lead to insecure deserialization attacks...

9.2 CVSS, 7.3 AI score, 0.00193 EPSS
Exploits 2, References 3
Positive Technologies
added 2026/02/19 12:0 a.m., 3 views

PT-2026-20848

Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions prior to 4.4.9 contain an insecure deserialization flaw. This issue affects the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker...

8.1 CVSS, 6 AI score
Exploits 0, References 9
Snyk
added 2026/02/18 5:45 p.m., 3 views

Arbitrary Code Injection

Overview: nltk is a Natural Language Toolkit (NLTK), a Python package for natural language processing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the _unzip_iter function due to the lack of validation before unpacking untrusted downloaded packages. An attacker c...

10 CVSS, 7.6 AI score, 0.00878 EPSS
Exploits 1, References 2
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : php:7.3 (AXSA:2020-779:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-779:01 advisory. php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039); php: Buffer over-read in exif_read_data() (CVE-2019-11040); php:...

9.8 CVSS, 7.9 AI score, 0.41483 EPSS
Exploits 19, References 23
Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001271 advisory. The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via...

7.8 CVSS, 7.3 AI score, 0.00041 EPSS
Exploits 0, References 13
Tenable Nessus
added 2026/01/15 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003050)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003050 advisory. The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read o...

7.8 CVSS, 6.5 AI score, 0.0005 EPSS
Exploits 0, References 22
Tenable Nessus
added 2026/01/15 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002400 advisory. The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of t...

6.1 CVSS, 7.1 AI score, 0.00337 EPSS
Exploits 1, References 22
RedhatCVE
added 2026/01/09 11:25 a.m., 1 views

CVE-2021-28028

An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic...

9.8 CVSS, 7 AI score, 0.00433 EPSS
Exploits 0, References 1
Github Security Blog
added 2026/01/07 8:38 p.m., 14 views

`IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

6.9 AI score
Exploits 0, References 3, Affected Software 1
OSV
added 2026/01/07 8:38 p.m., 1 views

GHSA-RHFX-M35P-FF5J `IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

6.9 CVSS, 6.8 AI score
Exploits 0, References 3
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-20916

Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions prior to 4.4.9 contain an Insecure Deserialization flaw. The issue is present in the handling of serialized data within the table_valeur filter and the DATA iterator. An attacker who can...

9.2 CVSS, 5.6 AI score, 0.00193 EPSS
Exploits 2, References 9
Tenable Nessus
added 2025/12/31 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993302 advisory. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device(). The drbd_destroy_connection() frees the connection so use th...

7.8 CVSS, 6.5 AI score, 0.00051 EPSS
Exploits 0, References 4
RedhatCVE
added 2025/12/30 1:2 a.m., 2 views

CVE-2025-65570

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

9.8 CVSS, 7.6 AI score, 0.00133 EPSS
Exploits 1, References 1
NVD
added 2025/12/29 3:16 p.m., 1 views

CVE-2025-65570

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

9.8 CVSS, 0.00133 EPSS
Exploits 1, References 1
Positive Technologies
added 2025/12/29 12:0 a.m., 2 views

PT-2025-53725

A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...

7.6 AI score, 0.00133 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/12/26 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-54101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - driver: soc: xilinx: use _safe loop iterator to avoid a use after free. The hash_for_each_possible() loop dereferences eve_data to get the next item on the list. Howeve...

5.3 AI score, 0.00028 EPSS
Exploits 0, References 2
EUVD
added 2025/12/24 3:30 p.m., 1 views

EUVD-2023-60344

In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: use _safe loop iterator to avoid a use after free. The hash_for_each_possible() loop dereferences "eve_data" to get the next item on the list. However the loop frees eve_data so it leads to a use after free. Use...

6 AI score, 0.00028 EPSS
Exploits 0, References 5
Cvelist
added 2025/12/24 1:6 p.m., 23 views

CVE-2023-54101 driver: soc: xilinx: use _safe loop iterator to avoid a use after free

In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: use _safe loop iterator to avoid a use after free. The hash_for_each_possible() loop dereferences "eve_data" to get the next item on the list. However the loop frees eve_data so it leads to a use after free. Use...

0.00028 EPSS
Exploits 0, References 4