36 matches found
CVE-2026-8140
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download method in concrete/controllers/singlepage/dashboard/extend/install.php checks only the canInstallPackages permission before fetching a remote marketplace...
Malicious code in open-vp-cal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab8c06b5d7e9b98d62708ab7377d9e18a214e884c69b0c7217979121aed06917 When executing the module, the code installs a package from a remote location. The remote package contains malicious code exfiltrating selected env variables a...
MAL-2025-192568 Malicious code in EffetMer.darkgpt (VSCode)
The package downloads and executes a hidden executable from a malicious URL...
CLSA-2025-1764615000 python3.11-setuptools: Fix of CVE-2024-6345
CVE-2024-6345: Fix code injection vulnerability in package download functions...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
[slackware-security] libssh
New libssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libssh-0.11.2-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Write beyond bounds in binary to base64 conversion. Us...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-128.9.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
[slackware-security] php
New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.32-i586-1slack15.0.txz: Upgraded. This update fixes security issues: LibXML: libxml streams use wrong content-type header when...
CVE-2025-27604 XWiki Confluence Migrator Pro's homepage is public
XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-128.8.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...
Amazon Linux 2023 : python3.11-setuptools, python3.11-setuptools-wheel (ALAS2023-2024-740)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-740 advisory. A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from...
The vulnerability of the `package_index` module in the setuptools library of package management tools, related to improper code generation control, allows a malicious actor to execute arbitrary commands on the system.
The vulnerability of the packageindex module in the setuptools packaging library relates to the use of functions that are used to download packages from URLs provided by users or obtained from package index servers. This code can be exploited. Exploiting this vulnerability allows a malicious acto...
SUSE CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
GHSA-CGVX-9447-VCCH ntlk unsafe deserialization vulnerability
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...