Lucene search

950 matches found

CVE
added 2025/08/11 10:21 p.m., 14 views

CVE-2025-55156

PyLoad (the Python-based download manager) contains a SQL Injection in the add_links parameter of the /json/add_package API. The issue allows attackers to modify or delete data in the database, causing data errors or loss. A patch was released in version 0.5.0b3.dev91; upgrading to this version (...

CVSS 8.8, AI score 7.7, EPSS 0.00058
Exploits: 0, References: 3

OSV
added 2025/08/10 11:48 p.m., 3 views

BIT-MOODLE-2025-26525 Arbitrary file read risk through pdfTeX

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...

CVSS 8.6, AI score 7, EPSS 0.00212
Exploits: 0, References: 3

Chainguard
added 2025/08/09 1:17 p.m., 7 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe-fips, spicedb, nvidia-nsight-compute-13.1, grafana-fips, kine, spire-server-fips, witness, kubernetes-dashboard-metrics-scraper-fips, gcp-compute-persistent-disk-csi-driver, gh, gatekeeper-fips, containerd-fips,...

AI score 5.8
Exploits: 0

Microsoft CVE
added 2025/08/07 7:0 a.m., 2 views

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.

...

CVSS 2.9, AI score 7, EPSS 0.00052
Exploits: 1

OSV
added 2025/08/06 5:49 a.m., 1 views

BIT-MOODLE-2024-43426 Moodle: arbitrary file read risk through pdftex

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed...

CVSS 7.5, AI score 6, EPSS 0.00911
Exploits: 0, References: 3

RedHat Linux
added 2025/08/05 5:10 a.m., 4 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

CVSS 7.5, AI score 5.7, EPSS 0.0107
Exploits: 1, References: 8

Github Security Blog
added 2025/07/25 7:21 p.m., 6 views

Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time

Summary: An inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it i...

CVSS 8.7, AI score 8, EPSS 0.00051
Exploits: 0, References: 8, Affected Software: 1

Wolfi
added 2025/07/23 1:47 p.m., 1 views

GHSA-R5P3-955P-5GGQ vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws...

AI score 5.8
Exploits: 0

Broadcom
added 2025/07/15 12:0 a.m., 14 views

JSON Web Token (JWT) Exposure in Log Files

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can extract the unencrypted tokens, with security implications such as unauthorized access, session hijacking, and information disclosure. Note: The vulnerability affects both Brocade ASCG...

CVSS 9.1, AI score 6.7, EPSS 0.00308
Exploits: 0, Affected Software: 1

Packet Storm News
added 2025/07/10 12:0 a.m., 2 views

EinHops: Einsum Notation for Expressive Homomorphic Operations on RNS-CKKS Tensors

Fully Homomorphic Encryption (FHE) is an encryption scheme that allows computation to be performed directly on encrypted data, effectively closing the loop on secure and outsourced computing. Data is encrypted not only at rest and in transit, but also during processing. However, FHE provides a...

AI score 6.9
Exploits: 0

CNNVD
added 2025/07/01 12:0 a.m., 1 views

tiny-secp256k1 security vulnerability

tiny-secp256k1 is an open-source wrapper for bitcoinjs. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7 that stems from a possible bypass of checks when validating malicious JSON stringable messages, which could lead to false validation results...

CVSS 9.1, AI score 6.3, EPSS 0.0021
Exploits: 0, References: 3

CNNVD
added 2025/06/25 12:0 a.m., 2 views

Autel MaxiCharger AC Wallbox Commercial security vulnerability

Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from a failure to properly validate the length and size of the input data in a JSON message, which can be...

CVSS 6.8, AI score 7.6, EPSS 0.00217
Exploits: 0, References: 2

RedHat Linux
added 2025/06/11 10:54 a.m., 3 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

CVSS 7.5, AI score 5.7, EPSS 0.00615
Exploits: 1, References: 6

RedHat Linux
added 2025/06/09 1:43 a.m., 2 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

CVSS 7.5, AI score 5.7, EPSS 0.00615
Exploits: 1, References: 6

OSV
added 2025/05/27 10:15 p.m., 2 views

DEBIAN-CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

CVSS 6.5, AI score 5.4, EPSS 0.00258
Exploits: 0, References: 1

Debian CVE
added 2025/05/27 9:17 p.m., 26 views

CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

CVSS 6.5, AI score 5.4, EPSS 0.00258
Exploits: 0

CNNVD
added 2025/05/27 12:0 a.m., 4 views

MetaCPAN Net::CIDR::Set security vulnerability

MetaCPAN Net::CIDR::Set is a library from the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Net::CIDR::Set versions 0.10 through 0.13 that stems from not properly handling leading zeros in IP CIDR address strings, which could lead to an access control bypass...

CVSS 6.5, AI score 6.4, EPSS 0.00258
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 8:5 a.m., 2 views

CVE-2024-51809

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligentDesign Keymaster Chord Notation Free keymaster-chord-notation-free allows Stored XSS. This issue affects Keymaster Chord Notation Free: from n/a through = 1.0.2...

CVSS 6.5, AI score 7.2, EPSS 0.00295
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:54 a.m., 3 views

CVE-2023-33959

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

CVSS 8.8, AI score 8.5, EPSS 0.00147
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:19 a.m., 2 views

CVE-2023-23930

vantage6 is a privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

CVSS 7.2, AI score 6.8, EPSS 0.00799
Exploits: 1, References: 1