
49 matches found

CNNVD
added 2026/06/05 12:0 a.m., 3 views

The Linux Foundation OpenDayLight security vulnerability

The Linux Foundation OpenDayLight is an open-source network controller platform developed by The Linux Foundation in the United States. The Linux Foundation OpenDayLight v12.0.5 contains a security vulnerability, which stems from an issue with the Externalizable.readExternal component. This...

7.5 CVSS | 5.3 AI score | 0.00278 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/03/27 12:0 a.m., 6 views

Wazuh buffer error vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Wazuh has a buffer error vulnerability, which stems from a heap buffer overflow issue...

5.3 CVSS | 6.1 AI score | 0.00289 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/03/06 12:0 a.m., 3 views

agentgateway input validation error vulnerability

Agentgateway is an open-source software developed by Agent Gateway, designed to provide secure and observable communication connections for AI agents. Versions of Agentgateway prior to 0.12.0 contained a vulnerability related to input validation errors. This vulnerability occurred when converting...

6.5 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/02/18 12:0 a.m., 5 views

NVIDIA Megatron Bridge code injection vulnerability

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data shuffling tutorial, which may lead to cod...

7.8 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/02/18 12:0 a.m., 7 views

NVIDIA Megatron Bridge code injection vulnerability

NVIDIA Megatron Bridge is a component developed by NVIDIA Corporation in the United States that connects Hugging Face and Megatron-Core. NVIDIA Megatron Bridge has a code injection vulnerability. This vulnerability arises from malicious inputs in the data merging process, which may lead to code...

7.8 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/02/06 5:46 p.m., 6 views

EUVD-2026-5643

OrcaStatLLM Researcher is an LLM-based research paper generator. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

5.3 CVSS | 5.8 AI score | 0.00163 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-19340

Malware in sbrugna...

10 CVSS | 8.4 AI score | 0.007 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2021-9080

Malicious code in bioql PyPI...

8.1 CVSS | 6.7 AI score | 0.01014 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:12 p.m., 4 views

CVE-2021-21909

Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability...

8.1 CVSS | 7.1 AI score | 0.01014 EPSS
Exploits: 1 | References: 1

OSV
added 2025/02/10 4:15 p.m., 1 view

DEBIAN-CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

5.4 CVSS | 7.3 AI score | 0.01006 EPSS
Exploits: 0 | References: 1

CVE
added 2024/12/15 1:57 p.m., 57 views

CVE-2024-11858

CVE-2024-11858 affects Radare2. Affected: Radare2 up to and including version 5.9.x (per sources noting 5.9.8 and earlier; Nessus/Tenable references RS 5.8.0–5.9.4). The root cause is insufficient input validation when handling Pebble Application files, allowing malicious inputs to inject shell c...

8.6 CVSS | 8.8 AI score | 0.00769 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/10/22 12:0 a.m., 54 views

CVE-2022-23861

CVE-2022-23861 affects YSoft SAFEQ 6 Build 53. The vulnerability is Multiple Stored Cross-Site Scripting (XSS) in the SafeQ web interface, caused by lack of output sanitization in multiple input fields, allowing arbitrary JavaScript execution for users accessing the web UI. Connected sources corr...

6.1 CVSS | 6 AI score | 0.00478 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Veracode
added 2024/10/19 9:9 a.m., 3 views

Remote Code Execution (RCE)

.NET and Visual Studio are vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling and validation of input or components, which allows an attacker to execute arbitrary code remotely by crafting malicious inputs or exploiting affected features...

8.1 CVSS | 8.3 AI score | 0.02049 EPSS
Exploits: 0 | References: 9 | Affected Software: 13

Japan Vulnerability Notes
added 2024/10/18 12:0 a.m., 14 views

JVN#57285747: N-LINE vulnerable to HTML injection

N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check (CWE-94), and malicious inputs from a student's device may badly impact the instructor's screen. Impact: Arbitrary code may be executed on the instructor's...

7.4 CVSS | 7.1 AI score | 0.00219 EPSS
Exploits: 0

UbuntuCve
added 2024/03/25 8:15 p.m., 13 views

CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5 CVSS | 6.1 AI score | 0.00406 EPSS
Exploits: 0 | References: 5

OSV
added 2024/03/25 8:0 p.m., 42 views

CVE-2024-28246: KaTeX's missing normalization of the protocol in URLs allows bypassing forbidden protocols

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5 CVSS | 5.5 AI score | 0.00406 EPSS
Exploits: 0 | References: 4

Debian CVE
added 2024/03/25 8:0 p.m., 22 views

CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5 CVSS | 5.4 AI score | 0.00406 EPSS
Exploits: 0

Kitploit
added 2024/03/25 11:30 a.m., 69 views

Radamsa - A General-Purpose Fuzzer

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main...

9.8 CVSS | 9.6 AI score | 0.87397 EPSS
Exploits: 42 | References: 1

Positive Technologies
added 2024/03/25 12:0 a.m., 3 views

PT-2024-22361

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10. Description: KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option can be fooled by URLs in malicious inputs that use uppercase characters in the protocol, allowin...

6.5 CVSS | 6.2 AI score | 0.01414 EPSS
Exploits: 0 | References: 28

Vulnrichment
added 2023/07/07 6:20 p.m., 11 views

CVE-2021-32494

Radare2 has a division by zero vulnerability in the Mach-O parser's rebasebuffer function. This allows attackers to create malicious inputs that can cause denial of service...

10 CVSS | 6.7 AI score | 0.007 EPSS
Exploits: 1 | References: 2