Lucene search
K

30 matches found

Spring Security Advisories
Spring Security Advisories
added 2025/09/09 12:0 a.m.4 views

Access API Moves to Spring Security Access

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...

6.9AI score
Exploits0
Snyk
Snyk
added 2025/03/04 10:40 p.m.1 views

Unsafe Dependency Resolution

Overview conda-forge-metadata is a programatic access to conda-forge's metadata Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to an unclaimed optional dependency. The package specifies an optional dependency on conda-oci-mirror, which is neither present on t...

10CVSS6.8AI score0.00582EPSS
Exploits0References2
OSV
OSV
added 2025/03/04 9:48 p.m.4 views

CVE-2025-27510 RCE in the package conda-forge-metadata

conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in...

9.3CVSS8.1AI score0.00582EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/09/01 6:30 p.m.104 views

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Patches: Released in v.0.0.308. numexpr dependency is optional for langchain...

9.8CVSS9.4AI score0.01322EPSS
Exploits1References9Affected Software2
Snyk
Snyk
added 2022/08/19 8:11 a.m.1 views

Malicious Package

Overview optional-dep-wont-be-found is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/16 8:46 a.m.4 views

Malicious code in optional-dep-wont-be-found (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2226cdc4dac73c40bc10584ecdb520dfdf47b568418de61acf37fd8cef42daf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/03/14 10:45 p.m.73 views

HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods

Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...

7.8CVSS0.2AI score0.87806EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/09/16 5:43 p.m.6 views

SUSE-SU-2021:3119-1 Security update for postgresql12

This update for postgresql12 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries bsc1189748. - Fixed build with llvm12 on s390x bsc1185952. - Re-enabled icu for PostgreSQL 10 bsc1179945. - Made the dependency of postgresqlXX-server-devel on llvm and clang...

6.5CVSS7.1AI score0.0142EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2019/02/11 12:0 a.m.89 views

runc security update

1.0.0-19.rc5.git4bb1fe4.0.3.el7 - Apply patch for CVE-2019-5736 Wiekus Beukes 1.0.0-19.rc5.git4bb1fe4.0.2.el7 - update Go version to 1.10.8, fix version string Laszlo Laca Peter 1.0.0-19.rc5.git4bb1fe4.0.1.el7 - Tuning .spec file 2:1.0.0-19.rc5.git4bb1fe4 - release v1.0.0rc5...

9.3CVSS0.4AI score0.9857EPSS
Exploits33
Fedora
Fedora
added 2019/01/11 3:0 a.m.9 views

[SECURITY] Fedora 28 Update: php-horde-Horde-Image-2.5.4-1.fc28

An Image utility API, with backends for: GD GIF PNG SVG SWF ImageMagick convert command line tool Imagick Extension Optional dependency: php-pecl-imagick...

2.4AI score
Exploits0
Rows per page
Query Builder