10 matches found
CVE-2023-54237
CVE-2023-54237 affects the Linux kernel net/smc component. The root cause described across connected documents is that smc_llc_srv_add_link() could be invoked without proper protection, potentially allowing a second link to be added to a link group and thereby breaking the security environment pr...
EUVD-2025-14803
Malicious code in bioql PyPI...
EUVD-2022-33569
Malicious code in bioql PyPI...
CVE-2025-30653 Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is...
CVE-2025-30371
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self-hosted Metabase instances that are using the GeoJson feature could be potential...
CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self-hosted Metabase instances that are using the GeoJson feature could be potential...
SUSE CVE-2022-48662
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection. i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iteration. However, this requires that we do not remove the...
node-tar Backlink Vulnerability
node-tar is a software package for file compression/decompression. A backlink vulnerability exists in node-tar, which is an arbitrary file creation/overwrite vulnerability that stems from insufficient symbolic link protection...
CVE-2021-23240
A race condition vulnerability was found in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, this flaw allows a malicious user with sudoedit permissions to set the owner of an arbitrary file to the user ID of the target user, potentially leading...
HackerOne: Changing Victim's JIRA Integration Settings Through Multiple Bugs
Summary: Changing victim's JIRA integration settings through multiple bugs. Description: Using multiple HackerOne bugs, an attacker can change the victim's JIRA integration settings. Bugs: 1 The Jira integration consent screen lacks information about the Jira project that will be connected to...