Lucene search

4111 matches found

Cvelist
added 2025/09/26 4:24 p.m., 7 views

CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

CVSS 7.7, EPSS 0.00278
Exploits 0, References 3
OSV
added 2025/09/26 1:1 p.m., 2 views

GHSA-5XQ9-5G24-4G6F Argument injection vulnerability in SonarQube Scan Action

A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...

CVSS 7.7, AI score 7.5, EPSS 0.00278
Exploits 0, References 5
Github Security Blog
added 2025/09/26 1:1 p.m., 6 views

Argument injection vulnerability in SonarQube Scan Action

A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...

CVSS 7.7, AI score 7.5, EPSS 0.00278
Exploits 0, References 5, Affected software 1
OpenVAS
added 2025/09/26 12:0 a.m., 2 views

Ubuntu: Security Advisory (USN-7777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1, AI score 6.8, EPSS 0.00056
Exploits 1, References 2
Tenable Nessus
added 2025/09/26 12:0 a.m., 2 views

Ubuntu 25.04 : PCRE2 vulnerability (USN-7777-1)

The remote Ubuntu 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7777-1 advisory. It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose...

CVSS 9.1, AI score 5.6, EPSS 0.00056
Exploits 1, References 2
Ubuntu
added 2025/09/25 1:6 p.m., 2 views

USN-7777-1: PCRE2 vulnerability

It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose sensitive information...

CVSS 9.1, AI score 5.3, EPSS 0.00056
Exploits 1
OSV
added 2025/09/25 1:6 p.m., 3 views

USN-7777-1 pcre2 vulnerability

It was discovered that PCRE2 incorrectly handled the Scan SubString verb. An attacker could possibly use this issue to cause applications using PCRE2 to expose sensitive information...

CVSS 9.1, AI score 5.8, EPSS 0.00056
Exploits 1, References 2
Chainguard
added 2025/09/24 2:18 p.m., 4 views

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: google-osconfig-agent, rabbitmq-cluster-operator, wire-go, helm-operator, docker-cli-buildx, yunikorn-k8shim, eksctl, emissary, delve, aws-application-networking-k8s, terraform-provider-azapi, cis-operator, rabbitmq-messaging-topology-operator, harbor,...

AI score 5.4
Exploits 0
Snyk
added 2025/09/23 10:0 p.m., 1 view

Malicious Package

Overview: fasterlog is a malicious package. Two malicious Rust crates, fasterlog (which impersonates the legitimate fastlog library) and asyncprintln, attempt to scan source files for quoted Ethereum private keys (0x + 64 hex), Solana-style Base58 secrets and bracketed byte arrays to later exfiltrate matches...

CVSS 9.3, AI score 7.1
Exploits 0, References 2
Veracode
added 2025/09/22 8:6 a.m., 4 views

Information Disclosure

nx is vulnerable to Information Disclosure. The vulnerability is due to malicious package versions containing code that scans the file system and collects credentials, which allows an attacker to exfiltrate sensitive data by posting it to GitHub under the victim's account...

AI score 5.9
Exploits 0
Positive Technologies
added 2025/09/22 12:0 a.m., 2 views

PT-2025-42778

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc6. Description: The Linux kernel contains a flaw within the fs/proc/task_mmu component. Specifically, a null pointer dereference can occur in pagemap_scan_backout_range when the PAGEMAP_SCAN ioctl is calle...

CVSS 4.6, AI score 5.8, EPSS 0.00024
Exploits 0
Gitee
added 2025/09/21 11:11 p.m., 108 views

sslyze

It is an offensive tool for scanning SSL/TLS configurations. The primary target of this tool is the SSL/TLS configuration of a server, which can be analyzed to ensure it uses strong encryption settings and is not vulnerable to known TLS attacks. The tool can connect to a server to perform the...

AI score 7.3
Exploits 0
Tenable Nessus
added 2025/09/21 12:0 a.m., 3 views

FreeBSD : PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS (b51a4121-9607-11f0-becf-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b51a4121-9607-11f0-becf-00a098b42aeb advisory. [email protected] reports: The PCRE2 library is a set of C functions that implement regula...

CVSS 9.1, AI score 5.5, EPSS 0.00056
Exploits 1, References 3
Fedora
added 2025/09/18 1:31 a.m., 6 views

[SECURITY] Fedora 41 Update: gitleaks-8.28.0-1.fc41

Scan git repos or files for secrets using regex and entropy...

CVSS 5.3, AI score 7, EPSS 0.00028
Exploits 0
Fedora
added 2025/09/18 12:58 a.m., 4 views

[SECURITY] Fedora 42 Update: gitleaks-8.28.0-1.fc42

Scan git repos or files for secrets using regex and entropy...

CVSS 5.3, AI score 6.7, EPSS 0.00028
Exploits 0
OSV
added 2025/09/17 12:30 p.m., 1 view

GHSA-4VR7-G93G-CF6M Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description: An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314...

CVSS 9.3, AI score 7, EPSS 0.01284
Exploits 1, References 5
Snyk
added 2025/09/17 11:48 a.m., 2 views

Deserialization of Untrusted Data

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the build_scan_result_from_raw_globals function in the scanner.py file. An attacker can execute arbitrary code...

CVSS 9.3, AI score 7.5, EPSS 0.00265
Exploits 1, References 2
Cvelist
added 2025/09/17 11:33 a.m., 6 views

CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

CVSS 9.3, EPSS 0.00265
Exploits 1, References 3
Vulnrichment
added 2025/09/17 11:33 a.m., 4 views

CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

CVSS 9.3, AI score 6.5, EPSS 0.00265
Exploits 1, References 3
OSV
added 2025/09/17 11:15 a.m., 3 views

PYSEC-2025-152

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the...

CVSS 9.8, AI score 7.5, EPSS 0.01284
Exploits 1, References 4