
1705 matches found

OSV
added 2025/05/15 5:24 p.m., 4 views

CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...

CVSS 6.3 · AI score 6.9 · EPSS 0.00371
Exploits 0 · References 5
CNNVD
added 2025/05/15 12:00 a.m., 2 views

Spotipy security vulnerability

Spotipy is a lightweight Python library for the Spotify Web API from the individual developer spotipy-dev. Spotipy suffers from a security vulnerability that stems from a pull_request_target workflow executing untrusted code in GitHub Actions, which could lead to credential disclosure and repository takeover...

CVSS 9.1 · AI score 8.8 · EPSS 0.00404
Exploits 0 · References 3
CNNVD
added 2025/05/12 12:00 a.m., 1 view

OZI-publish security vulnerability

OZI-publish is an open source project of the OZI Project. A security vulnerability exists in OZI-publish versions 1.13.2 through 1.13.5; it stems from untrusted data flowing into the PR creation logic and could lead to the execution of arbitrary code...

CVSS 8.7 · AI score 6.7 · EPSS 0.00352
Exploits 0 · References 2
Positive Technologies
added 2025/05/06 12:00 a.m., 3 views

PT-2025-19956 · Quay · Quay

Name of the vulnerable software and affected versions: Quay (affected versions not specified). Description: A flaw was found in Quay where an organization acting as a proxy cache grants "Admin" permissions on a newly created repository when a user or robot pulls an image that hasn't been mirrored ye...

CVSS 6.5 · AI score 6.4 · EPSS 0.00211
Exploits 0 · References 8
NVD
added 2025/05/02 4:15 p.m., 13 views

CVE-2023-53104

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0
OSV
added 2025/05/02 4:15 p.m., 5 views

CVE-2023-53104

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.5
Exploits 0 · References 1
Positive Technologies
added 2025/05/02 12:00 a.m., 4 views

PT-2025-18868 · Linux · Linux Kernel

Name of the vulnerable software and affected versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the skb_pull function in the smsc75xx driver, where a packet length check needs to be moved to prevent a...

AI score 5
Exploits 0 · References 18
The Hacker News
added 2025/04/30 3:59 p.m., 18 views

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

As the field of artificial intelligence (AI) continues to evolve at a rapid pace, fresh research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new repo...

AI score 6.8
Exploits 0
UbuntuCve
added 2025/04/29 1:15 p.m., 5 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS 4.3 · AI score 5.8 · EPSS 0.00327
Exploits 0 · References 2
SUSE Linux
added 2025/04/22 1:48 p.m., 5 views

Security update for helm

This update for helm fixes the following issues: Update to version 3.17.2 (bsc#1238688, CVE-2025-22870): updating to 0.37.0 for x/net; build(deps): bump the k8s-io group with 7 updates. Update to version 3.17.1: merge null child chart objects; build(deps): bump the k8s-io group with 7 updates; fix: check...

CVSS 8.2 · AI score 7.4 · EPSS 0.03092
Exploits 4 · References 20
CVE
added 2025/04/07 2:37 p.m., 46 views

CVE-2025-30373

CVE-2025-30373 affects Graylog (Graylog2-server) starting with version 6.1, where HTTP Inputs can be configured to require a header/value for authentication. The flaw: when the required header is missing or has an incorrect value, the system returns HTTP 401 but ingests the message anyway, effect...

CVSS 6.5 · AI score 6.8 · EPSS 0.00272
Exploits 0 · References 2 · Affected Software 1
CVE
added 2025/03/27 2:57 p.m., 147 views

CVE-2025-21891

The CVE-2025-21891 entry concerns a Linux kernel ipvlan vulnerability where outbound IPv4/IPv6 headers could be read from skb->head if the network header was not in the skb’s linear part. The fix adds pskb_network_may_pull() calls for both IPv4 and IPv6 handlers (ipvlan_core.c: ipvlan_route_v6...

CVSS 5.5 · AI score 7 · EPSS 0.00169
Exploits 0 · References 6 · Affected Software 1
RedhatCVE
added 2025/03/22 11:13 a.m., 9 views

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head_ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

CVSS 9.8 · AI score 7.3 · EPSS 0.01642
Exploits 1 · References 1
OSV
added 2025/03/20 12:32 p.m., 2 views

GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages

In kedro-org/kedro version 0.19.8, the pull_package API function allows users to download and extract micro packages from the Internet. However, the function project_wheel_metadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...

CVSS 8.8 · AI score 6.6 · EPSS 0.00918
Exploits 0 · References 3
Vulnrichment
added 2025/03/20 10:09 a.m., 6 views

CVE-2024-8156 Command Injection in significant-gravitas/autogpt

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head_ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

CVSS 8.8 · AI score 8.8 · EPSS 0.01642
Exploits 1 · References 2
CNNVD
added 2025/03/20 12:00 a.m., 2 views

AutoGPT security vulnerability

AutoGPT is a tool from AutoGPT Open Source intended to let everyone use and build accessible AI. AutoGPT suffers from a security vulnerability that stems from command injection in the workflow-checker.yml workflow, which allows an attacker to inject arbitrary commands by...

CVSS 9.8 · AI score 9 · EPSS 0.01642
Exploits 1 · References 2
CNNVD
added 2025/03/20 12:00 a.m., 3 views

Kedro input validation error vulnerability

Kedro is a production-ready data science toolkit from Kedro Open Source. An input validation error vulnerability exists in Kedro version 0.19.8; it stems from the execution of the setup.py file by the pull_package function and could lead to remote code execution...

CVSS 8.8 · AI score 9 · EPSS 0.00918
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/03/03 7:33 a.m., 3 views

Malicious code in dependabot-pull-request-action (npm)

Per source details (do not edit below this line). Source: ghsa-malware f89f292c4aeef9adcdb74b756e9f23059ca61f0327bfb78956c32e30c9bf3c7c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2025/03/03 7:33 a.m., 5 views

MAL-2025-2038 Malicious code in dependabot-pull-request-action (npm)

Per source details (do not edit below this line). Source: ghsa-malware f89f292c4aeef9adcdb74b756e9f23059ca61f0327bfb78956c32e30c9bf3c7c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
SUSE CVE
added 2025/02/27 3:12 a.m., 1 view

SUSE CVE-2022-49066

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part. After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls dev_forward_skb(), which expects at least ETH_HLEN bytes of linear data as...

CVSS 5.5 · AI score 6.5 · EPSS 0.00247
Exploits 0 · References 8