CVE-2025-14576

CVE-2025-14576 affects Qt’s SVG module (VectorImage in Qt Quick). The root cause is insufficient validation of node IDs, enabling arbitrary QML/JavaScript code injection when loading malicious SVG files. The NVD entry notes local attack vector with no privileges required and passive user interact...

EUVD-2025-209594

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

EUVD-2015-7161

Malware in sbrugna...

EUVD-2022-4766

Malicious code in bioql PyPI...

SUSE CVE-2025-39700

In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...

CVE-2025-39700

In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...

CVE-2015-7230

The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node...

CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

Kubernetes: Node Validation Admission does not observe all oldObject fields

Summary: The Validating Admission webhook for Node Objects is passing oldObject fields incorrectly on AdmissionReview.Request. It was identified initially in metadata.labels, but a list of impacted fields follows below: oldNode.Spec.PodCIDRs oldNode.Spec.ProviderID oldNode.Spec.ConfigSource...

SA-CONTRIB-2011-017 - Save Draft - Validation Bypass

The Save Draft module adds a "Save as draft" button to the node form, letting content creators easily save a post in unpublished draft form. The module adds validation to individual form actions, thereby bypassing any form-wide validation that is normally performed before saving content. This is ...

kernel: sys_move_pages infoleak

The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...

Fedora 8 : drupal-5.11-1.fc8 (2008-8905)

Update to 5.11, security fixes: SA-2008-047 http://drupal.org/node/318706 - File upload access bypass file disclosure - Access rules bypass - BlogAPI access bypass - Node validation bypass Remember to log in to your site as the admin user before upgrading this package. After upgrading the package...

SA-2008-060 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities and weaknesses were discovered in Drupal. File upload access bypass A logic error in the core upload module validation allowed unprivileged users to attach files to content. This bug affects Drupal 6.x only. Users can view files attached to content which they do not...

drupal -- multiple vulnerabilities

The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...