
17 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-21984

Malicious code in bioql PyPI...

2.8 CVSS, 7.4 AI score, 0.00088 EPSS
Exploits 0, References 7
Microsoft CVE
added 2025/09/04 11:6 a.m., 1 views

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."

...

2.8 CVSS, 7 AI score, 0.00088 EPSS
Exploits 0
Tenable Nessus
added 2025/08/20 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-57923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix availin bytes for s390 zlib HW compression path Since the input data length...

5.5 CVSS, 6 AI score, 0.00033 EPSS
Exploits 0, References 2
SUSE CVE
added 2025/07/21 11:22 p.m., 1 views

SUSE CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8 CVSS, 7.2 AI score, 0.00088 EPSS
Exploits 0, References 3
OSV
added 2025/07/20 3:30 a.m., 2 views

GHSA-MQCP-P2HV-VW6X Withdrawn Advisory: Thor can construct an unsafe shell command from library input.

Withdrawn Advisory This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references. Origina...

7.8 CVSS, 6.1 AI score, 0.00088 EPSS
Exploits 0, References 8
Github Security Blog
added 2025/07/20 3:30 a.m., 5 views

Withdrawn Advisory: Thor can construct an unsafe shell command from library input.

Withdrawn Advisory This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references. Origina...

2.8 CVSS, 6.1 AI score, 0.00088 EPSS
Exploits 0, References 8, Affected Software 1
OSV
added 2025/07/20 3:15 a.m., 1 views

AZL-65613 CVE-2025-54314 affecting package rubygem-thor 1.2.1-1

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8 CVSS, 5.7 AI score, 0.00088 EPSS
Exploits 0, References 1
OSV
added 2025/07/20 3:15 a.m., 0 views

UBUNTU-CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8 CVSS, 7.2 AI score, 0.00088 EPSS
Exploits 0, References 6
Vulnrichment
added 2025/07/20 12:0 a.m., 2 views

CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8 CVSS, 6.4 AI score, 0.00088 EPSS
Exploits 0, References 5
RubySec
added 2025/07/20 12:0 a.m., 7 views

Thor can construct an unsafe shell command from library input.

Thor before 1.4.0 can construct an unsafe shell command from library input...

2.8 CVSS, 7.2 AI score, 0.00088 EPSS
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2025/05/23 1:5 a.m., 2 views

CVE-2022-28770

Due to insufficient input validation, SAPUI5 libraryvbm - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and...

6.1 CVSS, 6.9 AI score, 0.00732 EPSS
Exploits 0, References 1
NVD
added 2025/01/31 12:15 a.m., 6 views

CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...

3.3 CVSS, 0.00081 EPSS
Exploits 0, References 2
CVE
added 2025/01/31 12:2 a.m., 46 views

CVE-2025-24336

CVE-2025-24336 concerns the SXF Common Library (OCF) where improper input data handling can cause a product that uses the library to crash when reading a crafted file. Public sources consistently describe the affected component as the SXF Common Library and cite the underlying issue as mishandlin...

3.3 CVSS, 3.9 AI score, 0.00081 EPSS
Exploits 0, References 2
Cvelist
added 2024/12/04 8:22 a.m., 19 views

CVE-2024-5020 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library versions 1.3.4 to 3.5.7 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS, 0.006 EPSS
Exploits 0, References 15
FreeBSD
added 2021/06/11 12:0 a.m., 26 views

py39-pycares -- domain hijacking vulnerability

Philipp Jeitner and Haya Shulman report: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability ...

6.8 CVSS, 6 AI score, 0.00044 EPSS
Exploits 1, References 1
CNVD
added 2016/07/13 12:0 a.m., 1 views

Drupal Webform Multiple File Upload Remote Code Execution Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community; Webform Multiple File Upload module is a file upload module for Drupal. A remote code execution vulnerability exists in the Drupal Webform Multiple File Upload module. The vulnerabilit...

8.3 AI score
Exploits 0, References 1
NVD
added 2002/10/11 4:0 a.m., 11 views

CVE-2002-1141

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC...

5 CVSS, 6.6 AI score, 0.18087 EPSS
Exploits 0, References 3