9945 matches found
[SECURITY] Fedora 42 Update: rust-scx_layered-0.0.6-7.fc42
A highly configurable multi-layer BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...
Keras 安全漏洞
Keras is an open-source deep learning framework with multiple backends. Versions of Keras 3.13.1 and earlier contain security vulnerabilities. These vulnerabilities stem from defects in the model loading mechanism HDF5 integration, which could allow remote attackers to read local files through...
PT-2026-7728
Name of the Vulnerable Software and Affected Versions Keras versions 3.0.0 through 3.13.1 Description A flaw exists in the model loading mechanism, specifically within the HDF5 integration of Keras. This issue allows a remote attacker to read local files and potentially disclose sensitive...
CVE-2026-26007 cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...
GHSA-R6PH-V2QM-Q3C2 cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
Vulnerability Summary The publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an...
CVE-2026-25655
A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...
MAL-2026-812 Malicious code in hardixx-code (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c0eeb07f1a0f9149c6e22016d85bcc59e5d0bbbac9514fbef9a2ba0289bf75fe Version 1.0.2 introduced loading obfuscated code during importing the module. However, distributions uploaded to PyPI lack the necessary file storing the code...
PT-2026-6705
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...
Zabbix Agent Binaries Path Abuse Scanner
This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...
openSUSE 16 : Recommended update for gimp (SUSE-SU-openSUSE-RU-2026:20168-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-openSUSE-RU-2026:20168-1 advisory. Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was...
CVE-2026-23086
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peerbufalloc, which is set from the remote endpoint's SOVMSOCKETSBUFFERSIZE value. On the host side this means that the...
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
SUSE CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2026-1846
loading template...
EUVD-2026-5192
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causin...
GHSA-FJM6-8XP2-4FWC Boltz contains an insecure deserialization vulnerability in its molecule loading functionality
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
Boltz contains an insecure deserialization vulnerability in its molecule loading functionality
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...