python-liquid: Absolute paths escape filesystem loader search path

Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...

EUVD-2024-23242

Malicious code in bioql PyPI...

RLSA-2025:16154 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

CVE-2023-41708

References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...

CVE-2024-23732

The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...