4112 matches found
CVE-2025-39690
The CVE-2025-39690 issue affects the Linux kernel: iio: accel: sca3300, where uninitialized iio scan data could leak via the channels array. The root cause is that the channels array was not zeroed before use, potentially exposing stack data to userspace. A fix was applied in the Linux kernel (public...
OESA-2025-2183 golang security update
Security Fixes: A vulnerability was found in Google Go up to 1.23.11/1.24.5 Programming Language Software. It has been declared as problematic. The manipulation of the argument PATH with an unknown input leads to an unknown weakness. As an impact it is known to affect integrity. Upgrading to versio...
OESA-2025-2182 golang security update
Security Fixes: The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VC...
OESA-2025-2181 golang security update
Security Fixes: The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VC...
OESA-2025-2180 golang security update
Security Fixes: A vulnerability was found in Google Go up to 1.23.11/1.24.5 Programming Language Software. It has been declared as problematic. The manipulation of the argument PATH with an unknown input leads to an unknown weakness. As an impact it is known to affect integrity. Upgrading to versio...
Where Have All the Firewalls Gone? Security Consequences of Residential IPv6 Transition
IPv4 NAT has limited the spread of IoT botnets considerably by default-denying bots' incoming connection requests to in-home devices unless the owner has explicitly allowed them. As the Internet transitions to majority IPv6, however, residential connections no longer require the use of NAT. This...
CVE-2025-32345
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges...
DXPLOIT1_ScannerTools
It is an offensive tool for system scanning and pentesting. The...
GNU Binutils ld ldelfgen.c link_order_scan memory leak
...
Incorrect results returned from Rows.Scan in database/sql
...
mm/vmscan: don't try to reclaim hwpoison folio
...
GNU Bison scan-code.c code_free double free
...
Apache Tomcat 10.1.0-M1 < 10.1.44 Denial of Service
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.108, 10.1.0-M1 prior to 10.1.44 or 11.0.0-M1 prior to 11.0.10. It is, therefore, affected by a denial of service vulnerability because Tomcat's HTTP/2 implementation is vulnerable to the MadeYouReset attack. Note tha...
Command Injection via sonarqube-scan-action GitHub Action
Impact: A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...
GHSA-F79P-9C5R-XG88 Command Injection via sonarqube-scan-action GitHub Action
Impact: A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...
CVE-2025-58178
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
PT-2025-35655
🔴 SonarQube Scan GitHub Action, Command Injection, CVE-2025-53087 High https://t.co/18WQ4wixFA...