87 matches found
@huntersofbook/i18n (=0.8.1), unplugin-i18n-merger (>=0.0.1 <=0.1.2) potentially affected by unknown CVE via schob (=1.0.2)
schob NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on schob and may be impacted: - @huntersofbook/i18n =0.8.1 - unplugin-i18n-merger =0.0.1, =0.1.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191420...
EUVD-2011-1186
Malware in sbrugna...
EUVD-2023-1104
Malicious code in bioql PyPI...
EUVD-2022-43205
Malicious code in bioql PyPI...
CVE-2011-10028
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
CVE-2025-50461
A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. The script calls torch.load with weights_only=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...
PT-2025-33729 · Volcengine · Volcengine Verl
Name of the Vulnerable Software and Affected Versions: Volcengine versions 3.0.0 Description: A deserialization vulnerability exists in Volcengine's scripts/model_merger.py script when using the "fsdp" backend. The script calls torch.load with weights_only=False on user-supplied .pt files, allowi...
CVE-2025-50461
CVE-2025-50461 describes a deserialization vulnerability in Volcengine Verl 3.0.0, specifically in scripts/model_merger.py when using the "fsdp" backend. The code calls torch.load() with weights_only=False on user-supplied .pt files, enabling arbitrary code execution if a malicious model file is ...
CVE-2023-26513
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...
Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour [updated]
The cybercriminals who claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k...
Malicious code in Merger (NuGet)
--- -= Per source details. Do not edit below this line.=-...
io.antmedia.app:ConsoleApp (>=1.2.0 <=1.5.0), io.antmedia.app:LiveApp (>=1.2.0 <=1.8.1) +8 more potentially affected by CVE-2024-3462 via io.antmedia:ant-media-server (>=1.2.0 <=2.9.0)
io.antmedia:ant-media-server MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.6.1, =2.15.0, =2.9.0, =2.14.0, =2.9.0, =2.6.1, =1.9.0, =1.2.0, =1.8.1 Source cves: CVE-2024-3462 Source advisory: OSV:GHSA-G95V-3PJ6-J433...
K000139044: Apache httpd vulnerabilities CVE-2011-1176, CVE-2011-2688, CVE-2013-0942, CVE-2013-2765, and CVE-2013-4365
Security Advisory Description CVE-2011-1176 The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which...
PostgreSQL 11.x < 11.21 / 12.x < 12.16 / 13.x < 13.12 / 14.x < 14.9 / 15.x < 15.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 11 prior to 11.21, 12 prior to 12.16, 13 prior to 13.12, 14 prior to 14.9, or 15 prior to 15.4. As such, it is potentially affected by a vulnerability: - An extension script is vulnerable if it uses @extowner@, @extschema@, or...
Denial Of Service (DoS)
Apache Sling Resource Merger is vulnerable to Denial of Service (DoS). The vulnerability is due to a faulty iteration logic in the function getRelativePath in MergedResourceProvider, triggering an infinite loop and consuming excessive CPU memory, possibly leading to a system crash...
Apache Sling Resource Merger has Excessive Iteration vulnerability
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...
GHSA-RWRX-X2HW-9H5W Apache Sling Resource Merger has Excessive Iteration vulnerability
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...
com.adobe.aem:aem-sdk-api (=2020.6.3800.20200626T210738Z-200604), net.distilledcode.aem:aem-touch-ui-support-package (>=0.1.0 <=0.1.32) potentially affected by CVE-2023-26513 via org.apache.sling:org.apache.sling.resourcemerger (=1.3.10)
org.apache.sling:org.apache.sling.resourcemerger MAVEN version =1.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.sling:org.apache.sling.resourcemerger and may be impacted: - com.adobe.aem:aem-sdk-api =2020.6.3800.20200626T210738Z-20060...