47 matches found
CVE-2025-71367
picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...
CVE-2026-7439
AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...
Flowise Execute Flow function has an SSRF vulnerability
Summary The attacker provides an intranet address through the base url field configured in the Execute Flow node → Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called → Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...
Simple Git 操作系统命令注入漏洞
Simple Git is a lightweight interface developed by Steve King from the UK. It is used to execute Git commands within any Node.js application. Versions of Simple Git 3.31.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from a bypass...
USN-8025-1 dotnet8, dotnet9, dotnet10 vulnerability
Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...
Fickling 代码问题漏洞
Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions prior to Fickling 0.1.7 that stems from the static analyzer failing to flag high-risk modules, which could lead to bypassing security checks and executing arbitrary...
ROS-20251216-7358
A vulnerability in the Extensions component of Google Chrome and Microsoft Edge browsers is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
EUVD-2005-4708
Malware in sbrugna...
EUVD-2021-0853
Malware in sbrugna...
EUVD-2006-3155
Malware in sbrugna...
kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...
firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...
firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...
Unsafe Dependency Resolution
Overview @nx/azure-cache is an A Nx plugin which provides a Nx cache which can be self hosted on Azure Blob Storage. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the build cache process. An attacker can inject compromised artifacts into trusted production...
CVE-2023-23604
A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString. This could have lead to bypassing web security checks. This vulnerability affects Firefox 109...
CVE-2025-1889
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...
The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome browsers allows attackers to bypass file system restrictions.
The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass file system restrictions by using a specially created HTML page...
CVE-2024-7345
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...
The vulnerability of Google Chrome’s Payments component allows a hacker to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of Google Chrome’s Payments component is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of the Extensions API of Microsoft Edge and Google Chrome browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Extensions API for Microsoft Edge and Google Chrome relates to improper security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML pa...