
114 matches found

OSV
added 2026/05/19 8:0 p.m. | 0 views

GHSA-62Q4-447F-WV8H Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

Summary: pymdownx.snippets has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With restrict_base_path: True (the default), the current filename.startswith(base) containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files from sibling...

CVSS 4.3 | AI score 5.7
Exploits 0 | References 3

Positive Technologies
added 2026/05/19 12:0 a.m. | 4 views

PT-2026-42035

Summary: pymdownx.snippets has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With restrict_base_path: True (the default), the current filename.startswith(base) containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files from sibling...

CVSS 7.5 | AI score 7 | EPSS 0.04366
Exploits 1 | References 6

Hacker One
added 2026/04/01 8:24 a.m. | 10 views

curl: Cookie attribute TAB injection regression in Set-Cookie parsing

Overview

| | |
|---|---|
| Component | lib/cookie.c — parse_cookie_header |
| Type | Security regression (incomplete input validation) |
| CWE | CWE-20 Improper Input Validation |
| Severity | LOW (CVSS 3.1 estimated 3.7, comparable to CVE-2022-35252) |
| Affected | curl 8.18.0 through current HEAD |
...

CVSS 3.7 | AI score 6 | EPSS 0.00289
Exploits 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-2939

Malware in sbrugna...

CVSS 6.5 | AI score 6.9 | EPSS 0.0247
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0293

Malware in sbrugna...

CVSS 5.8 | AI score 7.3 | EPSS 0.06163
Exploits 0 | References 21

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-3747

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.01543
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-8086

Malware in sbrugna...

CVSS 5.1 | AI score 6.7 | EPSS 0.00063
Exploits 0 | References 16

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-2824

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.3 | EPSS 0.00347
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-33975

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00102
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-7720

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.3 | EPSS 0.00149
Exploits 0 | References 6

OpenVAS
added 2025/09/02 12:0 a.m. | 3 views

Mageia: Security Advisory (MGASA-2025-0222)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00055
Exploits 0 | References 5

Packet Storm News
added 2025/07/24 12:0 a.m. | 1 views

Regression-Aware Continual Learning for Android Malware Detection

Malware evolves rapidly, forcing machine learning (ML)-based detectors to adapt continuously. With antivirus vendors processing hundreds of thousands of new samples daily, datasets can grow to billions of examples, making full retraining impractical. Continual learning (CL) has emerged as a scalable...

AI score 7
Exploits 0

Cvelist
added 2025/04/08 3:49 p.m. | 8 views

CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS 8 | EPSS 0.00258
Exploits 0 | References 1

Cvelist
added 2024/12/05 5:2 p.m. | 19 views

CVE-2024-53846 ssl fails to validate incorrect extended key usage

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVSS 5.5 | EPSS 0.00057
Exploits 0 | References 1

Tenable Nessus
added 2024/10/25 12:0 a.m. | 53 views

Fortinet FortiWeb OpenSSH regreSSHion Attack (CVE-2024-6387) (FG-IR-24-258)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-258 advisory. - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root...

CVSS 9.3 | AI score 7.5 | EPSS 0.63835
Exploits 68 | References 5

OSV
added 2024/07/30 10:18 a.m. | 16 views

GHSA-V23V-6JW2-98FQ Authz zero length regression

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...

CVSS 9.9 | AI score 9.7 | EPSS 0.03345
Exploits 0 | References 14

NVD
added 2024/07/01 1:15 p.m. | 177 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 8.1 | EPSS 0.63835
Exploits 68 | References 81

OSV
added 2024/07/01 1:15 p.m. | 2 views

AZL-43030 CVE-2024-6387 affecting package openssh for versions less than 8.9p1-6

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 8.1 | AI score 6.9 | EPSS 0.63835
Exploits 68 | References 1

CVE
added 2024/07/01 12:37 p.m. | 7017 views

CVE-2024-6387

CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...

CVSS 8.1 | AI score 8.5 | EPSS 0.63835
In wild | Exploits 68 | References 81 | Affected Software 1

Debian CVE
added 2024/07/01 12:37 p.m. | 191 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 8.1 | AI score 7.5 | EPSS 0.63835
Exploits 68