pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

Impact OGC API - Process execution requests can use the subscriber object to requests to internal HTTP services. Patches The issue has been patched in master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by default unless...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

EUVD-2026-1896

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoAOSProcessSecurity function reads...

CVE-2026-21898 CryptoLib Has Out-of-bounds Read in Crypto_AOS_ProcessSecurity

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the CryptoAOSProcessSecurity function reads...

CVE-2026-21898

CryptoLib before version 1.4.3 contains an out-of-bounds read in Crypto_AOS_ProcessSecurity when parsing AOS frame hashes, enabling memory access violations per multiple sources. The issue affects the NASA Open Source CryptoLib SDLS-EP integration used for spacecraft-ground communications (cFS co...

CVE-2019-7323

GUP generic update process in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the...

Characterizing Build Compromises through Vulnerability Disclosure Analysis

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component systems source code, dependencies, build tools, the difficult...

EUVD-2017-7399

Malware in sbrugna...

EUVD-2013-2799

Malware in sbrugna...

EUVD-2005-3275

Malware in sbrugna...

EUVD-2013-5404

Malware in sbrugna...

EUVD-2020-18262

Malware in sbrugna...

EUVD-2024-0859

Malicious code in bioql PyPI...

EUVD-2025-6037

Malicious code in bioql PyPI...

EUVD-2023-28807

Malicious code in bioql PyPI...

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

CVE-2019-3972

Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "CisSharedMemBuff". This section object is exposed by CmdAgent and contains a SharedMemoryDictionary object, which allows a low privileged process to modify...

CryptoLib 安全漏洞

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib 1.3.3 and earlier versions, which stems from a heap buffer overflow in the CryptoAOSProcessSecurity function...