836 matches found
Gitea 安全漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.22.5, which stems from insufficient execution of branch delete permissions after a merge pull request...
PT-2025-53437
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.5 Description A permission enforcement issue exists in Gitea related to branch deletion after a pull request merge. Specifically, the system does not adequately enforce branch deletion permissions in these scenario...
AZL-72851 CVE-2025-59529 affecting package avahi 0.8-5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
UBUNTU-CVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
EUVD-2025-204402
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
GHSA-565G-HWWR-4PP3 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in...
Users can modify tags on files that do not belong to them
None...
Stored XSS in contacts app via organisation and title field
None...
Missing Authorization
Overview github-webhook-server is an A webhook server to manage Github repositories and pull requests. Affected versions of this package are vulnerable to Missing Authorization via unsafe loading of OWNERS files from pull-request–controlled repository checkouts. The...
curl: Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash
Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, while I did not try to evaluate the actual triggering at that time. No AI was used to find the issue or generate the report. Affected version It was...
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...
CVE-2025-34294
...
PT-2025-44187
Name of the Vulnerable Software and Affected Versions Wazuh affected versions not specified Description A time-of-check/time-of-use TOCTOU race condition exists in the File Integrity Monitoring FIM component when automatic threat removal is enabled. This can allow a local, low-privileged attacker...
Metasploit Wrap-Up 10/24/2025
Let us suggest persistence… This week's edition brings the new persistence suggester from h00die. Similar to the exploit variant, this module will list the available persistence mechanisms for your selected target. The module requires a session to target the machine, so it can run check methods...
GHSA-JFX9-29X2-RV3J pypdf can exhaust RAM via manipulated LZWDecode streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider applying the changes from P...
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineering to robustly mitigate it in security-sensitive use cases—by using memory safe languages. Similarly, I have the growing impression that software supply chain...
EUVD-2021-18778
Malware in sbrugna...
EUVD-2021-19580
Malware in sbrugna...
EUVD-2022-45037
Malicious code in bioql PyPI...
EUVD-2024-42300
Malicious code in bioql PyPI...