179 matches found
CVE-2025-30190
Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...
CVE-2025-59026
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-30190
CVE-2025-30190 affects Open-Xchange OX App Suite. Malicious content in office documents can inject script code during document editing, executing unintended actions in the user’s context and potentially exfiltrating sensitive data. No public exploits are known. Root cause involves script injectio...
CVE-2025-30186
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
PT-2025-48256
Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...
PT-2025-48258
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...
CVE-2025-64345 Wasmtime provides unsound API access to a WebAssembly shared linear memory
Wasmtime is a runtime for WebAssembly. Prior to version 38.0.4, 37.0.3, 36.0.3, and 24.0.5, Wasmtime's Rust embedder API contains an unsound interaction where a WebAssembly shared linear memory could be viewed as a type which provides safe access to the host Rust to the contents of the linear...
CVE-2025-30188
Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...
EUVD-2025-33305
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...
EUVD-2023-46198
Malicious code in bioql PyPI...
EUVD-2024-20705
Malicious code in bioql PyPI...
EUVD-2023-46195
Malicious code in bioql PyPI...
EUVD-2024-20711
Malicious code in bioql PyPI...
EUVD-2023-46200
Malicious code in bioql PyPI...
EUVD-2025-31727
Malicious code in bioql PyPI...
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
Impact A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. If...
CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...
PT-2025-37099
Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...
GHSA-VXG3-W9RV-RHR2 Contrast leaks workload secrets to logs on INFO level
This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...
Linux Distros Unpatched Vulnerability : CVE-2025-53901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions ca...