95 matches found
Gotenberg security vulnerability
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for URL routing using...
EUVD-2007-6480
Malware in sbrugna...
EUVD-2011-4124
Malware in sbrugna...
EUVD-2020-2341
Malware in sbrugna...
Malicious code in giteegit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a26c5d911f4394086eca9dfca0dfb8b05cc0675bac36dfdbec08e30f6d1abed Package exfiltrates source code files to a Telegram channel, while the description promises saving them to a git service --- Category: MALICIOUS - The campaign...
CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...
CVE-2023-28161
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...
[SECURITY] Fedora 42 Update: tree-sitter-0.25.2-8.fc42
Tree-sitter is a parser generator tool and an incremental parsing library. It can build a concrete syntax tree for a source file and efficiently update the syntax tree as the source file is edited. Tree-sitter aims to be: General enough to parse any programming language Fast enough to parse on...
Linux Distros Unpatched Vulnerability : CVE-2022-48338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The...
CVE-2025-25945
An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the Mp4Fragment.cpp and in AP4DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp...
SUSE-SU-2024:2963-1 Security update for osc
This update for osc fixes the following issues: 0.183.0 - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisions. This requires changing version of '.osc' store to 2.0. - Fix erroneous...
[SECURITY] Fedora 40 Update: qdox-2.1.0-3.fc40
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools...
[SECURITY] Fedora 40 Update: maven-source-plugin-3.3.0-6.fc40
The Maven Source Plugin creates a JAR archive of the source files of the current project...
[SECURITY] Fedora 40 Update: maven-patch-plugin-1.2-27.fc40
The Patch Plugin is used to apply patches to source files...
BIT-GRADLE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
CVE-2024-0754
A vulnerability was found in Firefox. Several WASM source files can cause a crash when loaded in DevTools...
CVE-2024-0754
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox 122...
CVE-2023-30148
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...
Cross site scripting
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...