
32 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in libreoffice

There is a vulnerability in input validation in the GStreamer integration of The Document Foundation LibreOffice. This allows an attacker to execute arbitrary GStreamer plugins. In affected versions, the filename of the embedded video is not properly escaped when passed to GStreamer. This enables...

CVSS 8.8 | AI score 7.6 | EPSS 0.01439
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/23 12:42 a.m. | 0 views

CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

CVSS 6.9 | AI score 6.3 | EPSS 0.00021
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/21 10:12 p.m. | 2 views

CVE-2026-40926

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

CVSS 7.1 | AI score 5.9 | EPSS 0.00031
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/04 12:0 a.m. | 6 views

Docker CLI security vulnerability

Docker CLI is a command-line management tool for containerized applications, open-sourced by Docker. Versions of Docker CLI prior to 29.1.5 contain security vulnerabilities. These vulnerabilities stem from an insecure search path for plugin binary files on Windows, which could allow low-privilege...

CVSS 8 | AI score 7.2 | EPSS 0.00023
Exploits: 0 | References: 4

Veracode
added 2025/11/06 9:18 a.m. | 5 views

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...

CVSS 9.8 | AI score 7.7 | EPSS 0.0008
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-31043

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.4 | EPSS 0.0008
Exploits: 0 | References: 6

OSV
added 2025/04/17 9:57 p.m. | 1 view

CLSA-2025-1744927038 libreoffice: Fix of CVE-2023-6185

CVE-2023-6185: escape filename of embedded video to prevent execution of arbitrary GStreamer plugins...

CVSS 8.8 | AI score 7.5 | EPSS 0.01439
Exploits: 0 | References: 1

NVD
added 2025/02/27 4:15 p.m. | 7 views

CVE-2025-0914

An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...

CVSS 3.8 | EPSS 0.00096
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/09 12:0 a.m. | 3 views

PT-2025-1386 · Opsview · Opsview Monitor Agent

Name of the Vulnerable Software and Affected Versions: Opsview Monitor Agent version 6.8 Description: A problem was discovered in Opsview Monitor Agent where an unauthenticated remote attacker can call check nrpe against affected targets, specifying known NRPE plugins. In default installations,...

CVSS 9.8 | AI score 8 | EPSS 0.19181
Exploits: 0 | References: 4

Github Security Blog
added 2024/12/19 3:14 p.m. | 8 views

pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin...

CVSS 9.8 | AI score 7 | EPSS 0.00565
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2024/12/18 6:21 p.m. | 12 views

rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled: -...

AI score 7.4
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2024/08/06 10:3 p.m. | 11 views

GO-2024-2998 Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker

Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker...

CVSS 8.8 | AI score 8.1 | EPSS 0.00314
Exploits: 0 | References: 6

Vulnrichment
added 2024/07/19 7:58 p.m. | 13 views

CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets w...

CVSS 7.5 | AI score 7.5 | EPSS 0.00314
Exploits: 0 | References: 5

Tenable Nessus
added 2024/06/14 12:0 a.m. | 13 views

AlmaLinux 9 : libreoffice (ALSA-2024:3835)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3835 advisory. libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution CVE-2023-6185 libreoffice: Insufficient macro permission validation...

CVSS 8.8 | AI score 8.3 | EPSS 0.01439
Exploits: 0 | References: 3

RedHat Linux
added 2024/06/11 7:52 p.m. | 3 views

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

CVSS 8.8 | AI score 6 | EPSS 0.01439
Exploits: 0 | References: 5

Tenable Nessus
added 2024/06/03 12:0 a.m. | 9 views

RHEL 8 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children CVE-2021-25636 -...

CVSS 7.8 | AI score 8.3 | EPSS 0.01322
Exploits: 0 | References: 6

OSV
added 2024/03/27 4:34 a.m. | 27 views

RLSA-2024:1514 Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS 8.8 | AI score 8.8 | EPSS 0.01439
Exploits: 0 | References: 3

RedHat Linux
added 2024/03/26 12:23 p.m. | 1 view

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

CVSS 8.8 | AI score 6 | EPSS 0.01439
Exploits: 0 | References: 5

RedHat Linux
added 2024/03/19 6:8 p.m. | 3 views

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

CVSS 8.8 | AI score 6 | EPSS 0.01439
Exploits: 0 | References: 5

RedHat Linux
added 2024/03/19 5:57 p.m. | 2 views

libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution

An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins...

CVSS 8.8 | AI score 6 | EPSS 0.01439
Exploits: 0 | References: 5