CVE-2025-12155 Command Injection in Looker

A Command Injection vulnerability, resulting from improper file path sanitization Directory Traversal in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. Th...

PT-2025-45605

Name of the Vulnerable Software and Affected Versions Looker versions 24.12.100 and later Looker versions 24.18.192 and later Looker versions 25.0.69 and later Looker versions 25.6.57 and later Looker versions 25.8.39 and later Looker versions 25.10.22 and later Description The software contains ...

HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. HP has identified affected versions and the minimum version that...

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

DRUPAL-CONTRIB-2025-017

This module enables you to create super sets of configuration and enable them conditionally, for example have some modules installed only in some environments. The module does not use Cross Site Request Forgery CSRF tokens to protect routes for enabling or disabling a split. This vulnerability is...

CVE-2024-53096

In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmapregion error path behaviour The mmapregion function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other...

CVE-2024-50143

In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udfgetfileshortad Check for overflow when computing alen in udfcurrentaext to mitigate later uninit-value use in udfgetfileshortad KMSAN bug1. After applying the patch reproducer did not trigger any...

PT-2024-39977 · Pypi · Pyo3

Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.22.4 PyO3 version 0.22.4 with mitigated functions, to be fully removed in 0.23 Description: A flaw was found in PyO3, causing a use-after-free issue. This can lead to memory corruption or crashes through unsound...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows that stems from the presence of an elevation of privilege vulnerability that could allow an attacker with basic user privileges to...

Nuxt Icon affected by a Server-Side Request Forgery (SSRF)

Summary nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/nuxticon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure...

CVE-2024-28074 SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability...

CVE-2024-39499 vmci: prevent speculation leaks by sanitizing event in event_deliver()

In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in eventdeliver Coverity spotted that eventmsg is controlled by user-space, eventmsg-eventdata.event is passed to eventdeliver and used as an index without sanitization. This...

CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfxv943init cpcomputemicrocode and rlcmicrocode The function gfxv943initmicrocode in gfxv943.c was generating about potential truncation of output when using the snprintf function. The issue was due...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Unbound vulnerability (USN-6791-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6791-1 advisory. It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update introduce...

CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...

CVE-2021-47503

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsiremovehost in pm8001alloc Calling scsiremovehost before scsiaddhost results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010:devicedel+0x63/0x440 Call Trace:...

CVE-2021-47274

In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: 1640542.554277 general protection fault: 0000 1...

CVE-2024-3263 Improper authentication in YMS VIS Pro

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

Important: rust

Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially...

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...