507 matches found
Symfony Profiler - Remote Access via Injected Arguments
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...
CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
[SECURITY] Fedora 43 Update: rust-inferno-0.12.6-3.fc43
Rust port of the FlameGraph performance profiling tool suite...
CVE-2025-71345
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...
GO-2026-5533 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server in github.com/tilt-dev/tilt
Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server in github.com/tilt-dev/tilt...
GO-2026-5343 opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent in go.opentelemetry.io/ebpf-profiler
opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent in go.opentelemetry.io/ebpf-profiler...
GHSA-F2R5-5M7W-P5CX opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
Summary An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of servic...
PT-2026-51617
Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...
CVE-2026-28237
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...
CVE-2026-28237
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...
EUVD-2026-35768
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...
PT-2026-48129
Name of the Vulnerable Software and Affected Versions AMD uProf affected versions not specified Description Unrestricted resource allocation in AMD uProf may be exploited to consume excessive system resources, which could potentially lead to a loss of availability. Recommendations At the moment,...
GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names
Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...
Twig: XSS in profiler HtmlDumper via unescaped template and profile names
Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...
Malicious code in gt-tester-exp-profiler-exp-00000017 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348 setup.py installs a site-wide.pth file gttesterexpprofilerexp00000017probe.pth into site-packages that imports the package's probe module and calls...
Malicious Package
Overview hardhat-gas-profiler-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
PT-2026-44141
Name of the Vulnerable Software and Affected Versions Symfony affected versions not specified Description The profiler, a debug UI used only during development, renders source-code excerpts using the file excerpt filter. While PHP files are rendered via highlight string to escape HTML, non-PHP...
PT-2026-45157
Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The TwigProfilerDumperHtmlDumper component fails to escape the output of Profile::getTemplate and Profile::getName when writing to HTML. If an attacker can control the template name—which may...
Cross-site Scripting (XSS)
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the context of affected users by sending a specially crafted non-PHP files with \n that avoids HTM...