36 matches found

NVD
added 2026/05/21 9:16 p.m. | 15 views

CVE-2026-8140

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download method in concrete/controllers/singlepage/dashboard/extend/install.php checks only the canInstallPackages permission before fetching a remote marketplace...

7.5 CVSS | 0.00118 EPSS
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/03/24 7:30 p.m. | 8 views

Malicious code in open-vp-cal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ab8c06b5d7e9b98d62708ab7377d9e18a214e884c69b0c7217979121aed06917 When executing the module, the code installs a package from a remote location. The remote package contains malicious code exfiltrating selected env variables a...

5.9 AI score
Exploits: 0 | References: 1
OSV
added 2025/12/10 12:12 a.m. | 4 views

MAL-2025-192568 Malicious code in EffetMer.darkgpt (VSCode)

The package downloads and executes a hidden executable from a malicious URL...

6.8 AI score
Exploits: 0 | References: 1
OSV
added 2025/12/01 6:50 p.m. | 6 views

CLSA-2025-1764615000 python3.11-setuptools: Fix of CVE-2024-6345

CVE-2024-6345: Fix code injection vulnerability in package download functions...

8.8 CVSS | 7.4 AI score | 0.01939 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2025/09/08 1:17 a.m. | 2 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8 CVSS | 7.2 AI score | 0.01479 EPSS
Exploits: 4 | References: 8
RedHat Linux
added 2025/08/28 5:4 p.m. | 4 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8 CVSS | 7.2 AI score | 0.01479 EPSS
Exploits: 4 | References: 8
RedHat Linux
added 2025/07/23 11:40 a.m. | 3 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8 CVSS | 7.2 AI score | 0.01479 EPSS
Exploits: 4 | References: 8
RedHat Linux
added 2025/07/21 8:37 a.m. | 5 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

8.8 CVSS | 7.2 AI score | 0.01479 EPSS
Exploits: 4 | References: 8
Slackware Linux
added 2025/06/24 7:59 p.m. | 8 views

[slackware-security] libssh

New libssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.11.2-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Write beyond bounds in binary to base64 conversion. Us...

5.4 CVSS | 7.7 AI score | 0.02394 EPSS
Exploits: 0
Slackware Linux
added 2025/04/02 2:29 a.m. | 15 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-128.9.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

8.1 CVSS | 7.5 AI score | 0.00767 EPSS
Exploits: 1
Slackware Linux
added 2025/03/14 9:2 p.m. | 32 views

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.32-i586-1slack15.0.txz: Upgraded. This update fixes security issues: LibXML: libxml streams use wrong content-type header when...

9.8 CVSS | 6.7 AI score | 0.0079 EPSS
Exploits: 2
OSV
added 2025/03/07 4:11 p.m. | 10 views

CVE-2025-27604 XWiki Confluence Migrator Pro's homepage is public

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7...

7.5 CVSS | 6.6 AI score | 0.00348 EPSS
Exploits: 0 | References: 4
Slackware Linux
added 2025/03/04 7:51 p.m. | 21 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-128.8.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

8.8 CVSS | 6.2 AI score | 0.00519 EPSS
Exploits: 1
Tenable Nessus
added 2024/10/31 12:0 a.m. | 3 views

Amazon Linux 2023 : python3.11-setuptools, python3.11-setuptools-wheel (ALAS2023-2024-740)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-740 advisory. A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from...

8.8 CVSS | 7.6 AI score | 0.01939 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2024/07/31 12:0 a.m. | 5 views

The vulnerability of the `package_index` module in the setuptools library of package management tools, related to improper code generation control, allows a malicious actor to execute arbitrary commands on the system.

The vulnerability of the packageindex module in the setuptools packaging library relates to the use of functions that are used to download packages from URLs provided by users or obtained from package index servers. This code can be exploited. Exploiting this vulnerability allows a malicious acto...

10 CVSS | 7.2 AI score | 0.01939 EPSS
Exploits: 0 | References: 11 | Affected Software: 7
SUSE CVE
added 2024/06/28 11:16 p.m. | 2 views

SUSE CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

9.8 CVSS | 7.5 AI score | 0.01346 EPSS
Exploits: 0 | References: 5
OSV
added 2024/06/28 12:33 a.m. | 30 views

GHSA-CGVX-9447-VCCH ntlk unsafe deserialization vulnerability

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

7.5 CVSS | 9.7 AI score | 0.01346 EPSS
Exploits: 0 | References: 7
OSV
added 2024/06/27 10:15 p.m. | 24 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

9.8 CVSS | 7.8 AI score | 0.01346 EPSS
Exploits: 0 | References: 3
UbuntuCve
added 2024/06/27 10:15 p.m. | 29 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

9.8 CVSS | 7.4 AI score | 0.01346 EPSS
Exploits: 0 | References: 3
Cvelist
added 2024/06/27 12:0 a.m. | 182 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

0.01346 EPSS
Exploits: 0 | References: 3