10276 matches found
Arbitrary Code Execution
Overview marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Arbitrary Code Execution due to the dynamic loading of notebooks as modules. An attacker can execute malicious code in notebooks during the loading process, potentially...
The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the fact that they allow the loading of unreliable external data alongside reliable data. This allows attackers to circumvent existing security restrictions.
The vulnerability of Microsoft Office, Word, and 365 Apps for Enterprise packages lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
CVE-2024-12530
Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...
Malicious code in @sporta-technology/d11-web-components.shell-loading (npm)
--- -= Per source details. Do not edit below this line.=-...
AZL-60877 CVE-2025-32434 affecting package pytorch for versions less than 2.2.2-6
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
DEBIAN-CVE-2025-32434
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
AZL-60880 CVE-2025-32434 affecting package pytorch for versions less than 2.0.0-8
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
CVE-2025-32434
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
CVE-2025-27599 Element X Android vulnerable to loading malicious web pages via received intent
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it...
CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...
CVE-2024-12530
Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...
CVE-2024-12530 Insecure Dynamic-Link Library (DLL) Load vulnerability
Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...
CVE-2024-12530 Insecure Dynamic-Link Library (DLL) Load vulnerability
Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...
CVE-2024-12530
CVE-2024-12530 affects OpenText Secure Content Manager (Windows), specifically version 23.4, due to an Uncontrolled Search Path Element that enables DLL side-loading. This can allow end users to execute malicious code in the trusted context of the thick-client. The issue is locally exploitable wi...
PT-2025-17020 · Opentext · Opentext Secure Content Manager
Name of the Vulnerable Software and Affected Versions: OpenText Secure Content Manager version 23.4 Description: The issue is related to an Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows, which allows DLL Side-Loading. This could potentially be...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...
CLSA-2025-1744782967 ghostscript: Fix of 3 CVEs
CVE-2024-33871: fix arbitrary code execution by restricting Driver parameter to load only known dynamic libraries in gdevopvp.c - CVE-2023-38559: fix buffer overflow flaw in devnpcxwriterle function by adding input validation checks - CVE-2024-29510: fix memory corruption and SAFER sandbox bypass...
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients int...
The vulnerability of the `s.contexts._.configure` function in the library for loading JavaScript modules via RequireJS allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the s.contexts..configure function in the library for loading JavaScript modules using RequireJS is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service...