3356 matches found
EUVD-2023-58749
Malicious code in bioql PyPI...
EUVD-2022-4105
Malicious code in bioql PyPI...
EUVD-2022-4845
Malicious code in bioql PyPI...
EUVD-2023-41788
Malicious code in bioql PyPI...
EUVD-2025-10903
Malicious code in bioql PyPI...
EUVD-2023-55133
Malicious code in bioql PyPI...
EUVD-2022-30427
Malicious code in bioql PyPI...
EUVD-2025-16447
Malicious code in bioql PyPI...
QNAP operating system format string error vulnerability
The QNAP operating system is an operating system from QNAP Technology, based in Taiwan, China. A format string error vulnerability exists in the QNAP operating system, which arises from the use of externally controlled format strings that could lead to the acquisition of secret data or...
ncurses: segfaulting OOB read
A segmentation fault vulnerability was found in the convert_strings function of ncurses's tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error...
CVE-2025-43813
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...
OESA-2025-2349 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: tracing: Fix reading strings from synthetic events. The follow commands caused a crash: cd /sys/kernel/tracing echo 's:open char file' dynamic_events echo...
CLSA-2025-1758709468 glib2: Fix of CVE-2020-35457
CVE-2020-35457: fix integer overflow in g_option_group_add_entries to prevent potential out-of-bounds write - Bug775510: avoid calling Standard C string/array functions with NULL arguments...
Denial Of Service (DoS)
ImageMagick is vulnerable to Denial of Service. The vulnerability is due to improper handling of geometry strings containing only a colon ":", which sets width/height to zero and leads to a divide-by-zero error, which allows an attacker to crash the application via a crafted input...
Prototype Pollution
devalue is vulnerable to prototype pollution. The vulnerability is due to devalue.parse not validating that an index is numeric, which allows an attacker to pass a crafted string with a `__proto__` property to assign prototypes to objects and properties...
[SECURITY] [DLA 4307-1] jq security update
Debian LTS Advisory DLA-4307-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 21, 2025 https://wiki.debian.org/LTS ...
Debian dla-4307 : jq - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4307 advisory. Debian LTS Advisory DLA-4307-1 [email protected] https://www.debian.org/lts/security/...
colander
This is a Python library for deserialization and validation of data structures composed of strings, mappings, and lists. It is a package that can be used to serialize an arbitrary data structure to a data structure composed of strings, mappings, and lists, and to deserialize and validate a data...
CVE-2025-58046
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...
CVE-2009-20007 Talkative IRC v0.4.4.16 Response Buffer Overflow
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code...