15955 matches found
CVE-2025-7104
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra...
CVE-2025-7104 Mass Assignment in danny-avila/librechat
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra...
PT-2025-39846
Name of the Vulnerable Software and Affected Versions librechat affected versions not specified Description A mass assignment issue exists that allows manipulation of sensitive fields. Attackers can exploit this by automatically binding user-provided data to internal object properties or database...
AlmaLinux 9 : podman (ALSA-2025:15900)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:15900 advisory. podman: Podman kube play command may overwrite host files CVE-2025-9566 Tenable has extracted the preceding description block directly from the AlmaLinux security...
media: aspeed: Fix memory overwrite if timing is 1600x900
...
CLSA-2025-1758915712 Fix CVE(s): CVE-2025-32988, CVE-2025-32990
SECURITY UPDATE: double-free when exporting SAN otherName - debian/patches/CVE-2025-32988.patch: fix double-free triggered when exporting certificates with multiple SAN otherName entries. - CVE-2025-32988 SECURITY UPDATE: 1-byte heap write in certtool template parsing -...
hornetq-core-client: Arbitrarily overwrite files or access sensitive information
A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...
hornetq-core-client: Arbitrarily overwrite files or access sensitive information
A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...
CVE-2025-59433
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
RHEL 9 : podman (RHSA-2025:16488)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16488 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
RHEL 9 : podman (RHSA-2025:16481)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16481 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
Important: Red Hat Security Advisory: container-tools:rhel8 security update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
CVE-2025-59433
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
Arbitrary Argument Injection
Overview @conventional-changelog/git-client is a Simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API which allows specifying extra parameters passed to the git log command. An attacker can...
CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
GHSA-VH25-5764-9WCR @conventional-changelog/git-client has Argument Injection vulnerability
Background on exploitation This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library - getRawCommits there are secure practices taken to ensure that the extra parameter path is unable to inje...
Conventional Changelog 参数注入漏洞
Conventional Changelog is an open source update log generation tool from Conventional Changelog. A parameter injection vulnerability exists in Conventional Changelog versions prior to 2.0.0 that stems from not cleaning or validating user input in the getTags API, which could lead to a parameter...