
6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-21013

Malicious code in bioql PyPI...

9.1 CVSS | 6.5 AI score | 0.00215 EPSS
Exploits: 0 | References: 2
CVE
added 2025/08/05 12:11 a.m. | 51 views

CVE-2025-54135

Cursor before v1.3.9 allows prompt-injection via MCP server data to auto-run and write to ~/.cursor/mcp.json, enabling RCE when processing external content. Affected: Cursor AI code editor (Cursor) in-workspace file writes without user approval; dotfiles require approval but new dotfiles do n...

9.8 CVSS | 6.7 AI score | 0.00372 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/02/05 10:34 a.m. | 20 views

SUSE-SU-2025:0058-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.98 - Fixed CVEs: + CVE-2024-54677: DoS in examples web application bsc1234664 + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation bsc1234663 + CVE-2024-52317: Request/response mix-up with HTTP/2 bsc1233435 - Catalina...

9.8 CVSS | 7.8 AI score | 0.84587 EPSS
Exploits: 13 | References: 9
RedHat Linux
added 2022/04/27 9:46 a.m. | 69 views

Low: Red Hat Security Advisory: Red Hat AMQ Broker 7.8.6 release and security update

Red Hat AMQ Broker 7.8.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS | 7 AI score | 0.94439 EPSS
Exploits: 100 | References: 5
NVD
added 2021/08/30 5:15 a.m. | 8 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

8.8 CVSS | 0.04884 EPSS
Exploits: 3 | References: 3
Tenable Nessus
added 2015/09/08 12:0 a.m. | 10 views

Fedora 21 : php-twig-1.20.0-1.fc21 (2015-13423)

1.20.0 2015-08-12 forbid access to the Twig environment from templates and internal parts of TwigTemplate fixed limited RCEs when in sandbox mode deprecated TwigTemplate::getEnvironment deprecated the self variable for usage outside of the from and import tags added TwigBaseNodeVisitor to ease th...

5.5 AI score
Exploits: 0 | References: 2