10267 matches found
Siemens SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2020-15523)
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...
ROS-20251113-07
The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...
ROS-20251113-06
The BIND DNS server vulnerability is related to a pseudo-random number generator PRNG vulnerability. Exploitation exploitation of the vulnerability could allow a remote attacker to compromise the integrity of data in the DNS system A vulnerability in the BIND DNS server is related to the loading ...
CVE-2025-42895
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...
Apache OpenOffice 安全漏洞
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990770)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990770 advisory. In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if listversions races with module loading listversions will first...
EulerOS 2.0 SP10 : perl (EulerOS-SA-2025-2426)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...
CVE-2025-40763
A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary...
kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpurun loop to fix a bug where KVM can load hardware with a stale...
EUVD-2025-60984
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...
CVE-2025-42895
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...
CVE-2025-42895
CVE-2025-42895 affects the SAP HANA JDBC Client. The vulnerability arises from insufficient validation of connection property values, allowing a high-privilege, locally authenticated user to supply crafted parameters that lead to unauthorized code loading. According to the connected sources, the ...
SAP HANA 代码注入漏洞
SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP SAP. The platform provides data query functionality to support users to query and analyze real-time business data. A code injection vulnerability exists in SAP HANA that stems from insufficient validation o...
PT-2025-46540
Name of the Vulnerable Software and Affected Versions Altair Grid Engine versions prior to 2026.0.0 Description The software does not properly validate environment variables when loading shared libraries, which can allow for path hijacking through malicious library substitution. A local attacker...
PT-2025-46235
Name of the Vulnerable Software and Affected Versions SAP HANA JDBC Client affected versions not specified Description The SAP HANA JDBC Client contains a flaw due to inadequate validation of connection property values. A locally authenticated, high-privilege user can provide specially crafted...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
CVE-2025-12487
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
CVE-2025-12488
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...
Malicious Package
Overview paysera-loading-spinner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
CVE-2025-12487 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability
oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...