1675 matches found
CVE-2025-30373
CVE-2025-30373 affects Graylog (Graylog2-server) starting with version 6.1, where HTTP Inputs can be configured to require a header/value for authentication. The flaw: when the required header is missing or has an incorrect value, the system returns HTTP 401 but ingests the message anyway, effect...
CVE-2025-21891
The CVE-2025-21891 entry concerns a Linux kernel ipvlan vulnerability where outbound IPv4/IPv6 headers could be read from skb->head if the network header was not in the skb’s linear part. The fix adds pskb_network_may_pull() calls for both IPv4 and IPv6 handlers (ipvlan_core.c: ipvlan_route_v6...
CVE-2024-8156
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...
GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages
In kedro-org/kedro version 0.19.8, the pull_package API function allows users to download and extract micro packages from the Internet. However, the function project_wheel_metadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...
Kedro input validation error vulnerability
Kedro is a production-ready data science toolkit from Kedro Open Source. An input validation error vulnerability exists in Kedro version 0.19.8, which stems from the execution of the setup.py file by the pull_package function and could lead to remote code execution...
AutoGPT security vulnerability
AutoGPT is a tool from AutoGPT Open Source. It is used to enable everyone to use and build accessible AI. AutoGPT suffers from a security vulnerability that stems from the presence of command injection in the workflow-checker.yml workflow, which allows an attacker to inject arbitrary commands by...
MAL-2025-2038 Malicious code in dependabot-pull-request-action (npm)
Source: ghsa-malware f89f292c4aeef9adcdb74b756e9f23059ca61f0327bfb78956c32e30c9bf3c7c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2022-49066
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part. After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls dev_forward_skb(), which expects at least ETH_HLEN bytes of linear data as...
DEBIAN-CVE-2022-49340
In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header. GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL packets. ipgre_xmit() must validate csum_start after an optional skb_pull(), else lco_csum() may trigger an overflow...
PT-2025-13228
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved. The issue was found in the ipvlan module, where the function ipvlan_process_v6_outbound() was assuming the IPv6 network header is...
SUSE CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
PT-2025-23053 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.13.0 through 2.1.0 Description: The issue affects Apache InLong, allowing attackers to bypass its security mechanisms and enabling arbitrary file reading due to a deserialization of untrusted data vulnerability...
Use After Free
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free through the V8 engine. Remediation A fix was pushed into the master branch but not yet...
MAL-2025-652 Malicious code in emergency-pull-request-probot-app (npm)
The package communicates with a domain associated with malicious activity...
OESA-2025-1081 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A race condition was found in the Linux kernel's net/bluetooth in the {conn,adv}_{min,max}_interval_set functions. This can result in an l2cap connection or broadcast abnormality issue, possibly leading to denial of service. CVE-2024-24858 In t...
Insecure Temporary File in RESTEasy
Impact In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. Patches Fixed in the following pull requests:...