1263 matches found
EUVD-2025-26232
Malicious code in bioql PyPI...
EUVD-2025-25580
Malicious code in bioql PyPI...
EUVD-2022-39299
Malicious code in bioql PyPI...
EUVD-2022-6962
Malicious code in bioql PyPI...
CVE-2025-59340
jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to 2.8.1, by using mapper.getTypeFactory.constructFromCanonical, it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classe...
MAL-2025-47442 Malicious code in string-mapper (npm)
The package string-mapper was found to contain malicious code...
GHSA-M49C-G9WR-HV6V jinjava has Sandbox Bypass via JavaType-Based Deserialization
Summary: jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as getClass, and block instantiation of Class objects. However, these protections can be bypassed. By using mapper.getTypeFactory.constructFromCanonical, it is possible to instruct the underlying...
PT-2025-38270
Name of the Vulnerable Software and Affected Versions: jinjava versions prior to 2.8.1 Description: jinjava is a Java-based template engine. A sandbox escape flaw exists due to unrestricted interaction with the properties of JinjavaInterpreter instances, specifically through the ObjectMapper. By...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups CVE-2021-46987 In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths...
CVE-2025-39792
In the Linux kernel, the following vulnerability has been resolved: dm: Always split write BIOs to zoned device limits Any zoned DM target that requires zone append emulation will use the block layer zone write plugging. In such case, DM target drivers must not split BIOs using dm_accept_partial_bio...
Linux Distros Unpatched Vulnerability : CVE-2025-39791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt...
UBUNTU-CVE-2025-39792
In the Linux kernel, the following vulnerability has been resolved: dm: Always split write BIOs to zoned device limits Any zoned DM target that requires zone append emulation will use the block layer zone write plugging. In such case, DM target drivers must not split BIOs using dm_accept_partial_bio...
PT-2025-37326
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw related to block I/O BIO splitting in device mapper dm targets that support zoned devices. Specifically, the issue arises when zoned DM targets utilize...
CVE-2025-39791
In the Linux kernel, the following vulnerability has been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined by the max_read_size and max_write_size module...
dm cache: fix flushing uninitialized delayed_work on cache_ctr error
...
Penetration-Testing-on-Metasploitable2
Penetration-Testing-on-Metasploitable2...
CVE-2025-44033
SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...