35 matches found
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: diffusers is a library of state-of-the-art diffusion models for PyTorch and JAX. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition in the from_pretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...
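The entry above describes a check-then-use race between two fetches from a mutable remote. The following is an added illustration, not diffusers' or Hugging Face's code: a simulated hub where a branch name is resolved twice, once for the check and once for the load, next to the pinned variant that resolves the branch to an immutable commit id once. The hub, the `custom_code` flag and the function names are assumptions for the example; the "attacker hook" stands in for whatever changes the branch between the two fetches.

```python
"""Added example (not diffusers' own code): a two-fetch load flow racing
against a mutable remote, and the pinned-revision fix."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class FakeHub:
    """Constructed stand-in for a model hub: a branch name points at the
    current commit id, and each commit maps file names to contents."""
    commits: dict = field(default_factory=dict)
    branches: dict = field(default_factory=dict)

    def resolve(self, ref):
        # A branch resolves to its current tip; a commit id resolves to itself.
        return self.branches.get(ref, ref)

    def fetch(self, ref, filename):
        return self.commits[self.resolve(ref)][filename]

    def push(self, branch, files):
        sha = hashlib.sha256(repr(sorted(files.items())).encode()).hexdigest()[:12]
        self.commits[sha] = dict(files)  # old commits stay addressable by id
        self.branches[branch] = sha
        return sha


def load_pipeline_racy(hub, ref, attacker_hook=None):
    """Check-then-use: the index is validated from the branch, then the code
    file is fetched from the branch *again*. Whatever moves the branch in
    between (simulated by attacker_hook) wins the race."""
    index = hub.fetch(ref, "model_index.json")
    if index.get("custom_code", False):  # assumed flag for the check
        raise ValueError("refusing to load a pipeline that ships custom code")
    if attacker_hook:
        attacker_hook()  # the window between check and use
    return hub.fetch(ref, "pipeline.py")  # branch resolved a second time


def load_pipeline_pinned(hub, ref, attacker_hook=None):
    """Resolve the ref to an immutable commit once and fetch everything by
    that id, so the check and the use see the same tree."""
    sha = hub.resolve(ref)
    index = hub.fetch(sha, "model_index.json")
    if index.get("custom_code", False):
        raise ValueError("refusing to load a pipeline that ships custom code")
    if attacker_hook:
        attacker_hook()  # the branch may move, but sha does not
    return hub.fetch(sha, "pipeline.py")


def make_hub():
    hub = FakeHub()
    hub.push("main", {"model_index.json": {"custom_code": False},
                      "pipeline.py": "# benign pipeline"})
    return hub


def swap_to_malicious(hub):
    # Constructed: the repository owner moves the branch to a commit that
    # both enables custom code and replaces the pipeline file.
    hub.push("main", {"model_index.json": {"custom_code": True},
                      "pipeline.py": "# attacker-controlled code"})


def demo():
    racy_hub = make_hub()
    racy = load_pipeline_racy(racy_hub, "main", lambda: swap_to_malicious(racy_hub))
    pinned_hub = make_hub()
    pinned = load_pipeline_pinned(pinned_hub, "main", lambda: swap_to_malicious(pinned_hub))
    return racy, pinned


if __name__ == "__main__":
    print(demo())
```

The racy loader passes the check and then loads the swapped file; the pinned loader loads the same commit it checked. The general rule is the same for any remote artifact store: resolve a mutable name to a content-addressed or immutable identifier once, and use only that identifier for every subsequent fetch.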
CVE-2022-31044
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created...
EUVD-2022-29641
Malicious code in bioql PyPI...
EUVD-2024-30440
Malicious code in bioql PyPI...
EUVD-2024-0700
Malicious code in bioql PyPI...
EUVD-2025-0037
Malicious code in bioql PyPI...
EUVD-2022-7378
Malicious code in bioql PyPI...
CVE-2024-41177
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2025-23171
The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...
PT-2025-26170
Name of the Vulnerable Software and Affected Versions: open5gs versions 2.7.2 and earlier. Description: A missing length check in the ogs_pfcp_dev_add function of the PFCP library allows a local attacker to cause a buffer overflow by setting the session.dev field to a value whose length is greater...
PT-2025-26198
Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 2.5.0. Description: The issue affects how urllib3 handles redirects and retries, controlled by the Retry object. Normally, redirects can be disabled at the request level or by instantiating a PoolManager with specific...
CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...
CVE-2025-3937
The CVE-2025-3937 issue affects Tridium Niagara Framework and Niagara Enterprise Security. Vulnerable component: password hash with insufficient computational effort, enabling cryptanalysis. Affected software versions: Niagara Framework before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterp...
PYSEC-2025-60
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...
SonicWall NetExtender Windows Client Multiple Vulnerabilities
1. CVE-2025-23008 - SonicWall NetExtender Improper Privilege Management Vulnerability. An improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations. CVSS Score: 7.2 CVSS Vector:...
CVE-2024-31448
Combodo iTop is a simple, web based IT Service Management tool. By placing malicious code in CSV content, a Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...
Apache Superset: Error verbosity exposes metadata in analytics databases
Generation of error messages containing analytics database metadata in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...
CVE-2024-11498
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space, up to 256 MB and possibly 512 MB, potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...
CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...
PT-2024-30664
Name of the Vulnerable Software and Affected Versions: Express.js versions prior to 4.20.0. Description: The issue concerns open redirection when untrusted user input is passed to the response.redirect function in Express.js, even after sanitizing the input. This can occur when an...