55 matches found
GHSA-G4VJ-CJJJ-V7HG Defense in Depth update for NuGet Client
Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...
CVE-2026-20658
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges...
Apple macOS security vulnerability
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability caused by a software package validation issue, which could allow applications to gain root access...
PT-2026-7787
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 26.3. Description: A package validation issue existed that allowed an application to potentially gain root privileges. This issue was resolved by blocking the vulnerable package. Recommendations: Update to macOS version 26...
BIT-CROSSPLANE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
EUVD-2025-201881
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
Google SecOps SOAR Server security vulnerability
Google SecOps SOAR Server is a security platform from Google, Inc USA. A security vulnerability exists in Google SecOps SOAR Server that stems from insufficient code validation of uploaded Python packages, which could lead to remote code execution...
EUVD-2014-0513
Malware in sbrugna...
EUVD-2014-0521
Malware in sbrugna...
EUVD-2020-1512
Malware in sbrugna...
EUVD-2021-28218
Malicious code in bioql PyPI...
EUVD-2023-2113
Malicious code in bioql PyPI...
EUVD-2025-31020
Malicious code in bioql PyPI...
CVE-2025-20314
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper...
Cisco IOS XE security vulnerability
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...