Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Django vulnerabilities (USN-8154-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8154-1 advisory. Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with...
USN-8154-2 python-django vulnerabilities
USN-8154-1 fixed vulnerabilities in Django. This update provides the corresponding updates for CVE-2026-33033 and CVE-2026-4292 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS, and CVE-2026-4277 in Ubuntu 16.04 LTS. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled...
GHSA-W5CR-2QHR-JQC5 Cloudflare Agents has a Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site
Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The error_description query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...
Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?
The rapid growth of Artificial Intelligence (AI) models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...
CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this...
(0Day) Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Buffer Overflow
ExecuTorch is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking caused by insufficient validation when loading model data, allowing memory corruption that could lead to crashes or remote code execution...
EUVD-2023-47931
Malicious code in bioql PyPI...
CVE-2018-13367
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI...
Deserialization of Untrusted Data
Overview: rasa-pro is a state-of-the-art open-core Conversational AI framework for enterprises that natively leverages generative AI for effortless assistant development. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by loading a maliciously crafted model in...
Sandbox Bypass
winter/wn-cms-module is vulnerable to Sandbox Bypass. The vulnerability is due to inadequate enforcement of the sandbox in Twig, allowing users with specific permissions to modify theme customization values, templates, or model data through Twig templates...
CVE-2024-54149 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such...
GHSA-XHW3-4J3M-HQ53 Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Impact: Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...
Winter security vulnerability
Winter is a free and open source content management system based on the Laravel PHP framework by Winter Open Source. A security vulnerability exists in Winter versions prior to 1.2.7, 1.1.11, and 1.0.476, which stems from a user being able to bypass the sandboxing restriction of Twig files by...
PT-2024-36072 · Unknown · Winter Cms
Name of the Vulnerable Software and Affected Versions: Winter CMS versions prior to 1.2.7; Winter CMS versions prior to 1.1.11; Winter CMS versions prior to 1.0.476. Description: The issue allows users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on...
PT-2024-25954 · Cybrosys Techno Solutions · Text Commander
Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Text Commander module (aka text commander) versions 16.0 through 16.0.1. Description: A SQL injection vulnerability in the Text Commander module allows a remote attacker to gain privileges via the data parameter to...
UBUNTU-CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...
DEBIAN-CVE-2012-2090
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to 1...
Mandriva Update for hplip MDVSA-2011:013 (hplip)
The remote host is missing an update for hplip. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mandriva Update for hplip MDVA-2008:157 (hplip)
Check for the version of hplip. OpenVAS Vulnerability Test: Mandriva Update for hplip MDVA-2008:157 (hplip). Authors: System Generated Check. Copyright: Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...