
2179 matches found

BDU FSTEC
added 2025/01/29 12:0 a.m. · 1 views

The vulnerability of Opigno’s Drupal CMS system lies in errors during the processing of input data during syntax analysis, allowing attackers to execute arbitrary code.

The vulnerability of Opigno’s Drupal CMS system is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 5.9 AI score · 0.00295 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/01/23 12:0 a.m. · 2 views

PT-2025-5646 · Asteval · Asteval

Name of the Vulnerable Software and Affected Versions: asteval (affected versions not specified). Description: The issue arises from how asteval performs attribute access verification, specifically in the on_attribute node handler. This handler prevents access to attributes that are either present i...

8.4 CVSS · 6.8 AI score
Exploits 0 · References 4
Positive Technologies
added 2025/01/22 12:0 a.m. · 2 views

PT-2025-1400 · Open5Gs · Open5Gs Mme

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4. Description: The issue is caused by a buffer overflow in the ASN.1 deserialization function of the S1AP handler, leading to type confusion in decoded fields. This results in invalid parsing and freeing of memory,...

5.3 CVSS · 8.2 AI score · 0.00092 EPSS
Exploits 1 · References 4
OpenVAS
added 2025/01/21 12:0 a.m. · 7 views

Mageia: Security Advisory (MGASA-2025-0018)

The remote host is missing an update for the...

9.3 CVSS · 9 AI score · 0.0004 EPSS
Exploits 1 · References 4
Mageia
added 2025/01/20 8:1 p.m. · 22 views

Updated raptor2 packages fix security vulnerability

In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path...

9.3 CVSS · 7.3 AI score · 0.0004 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-3838 · Apple · Swift Asn.1

Name of the Vulnerable Software and Affected Versions: Swift ASN.1 (affected versions not specified). Description: The issue is caused by a confusion in the ASN.1 library, which assumes that certain objects can only be provided in either constructed or primitive forms. This can trigger a...

7.5 CVSS · 6.9 AI score · 0.00215 EPSS
Exploits 0 · References 10
Fedora
added 2025/01/12 1:41 a.m. · 8 views

[SECURITY] Fedora 41 Update: python-jinja2-3.1.5-1.fc41

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...

8.8 CVSS · 6.8 AI score · 0.00573 EPSS
Exploits 0
OSV
added 2025/01/10 1:15 p.m. · 0 views

DEBIAN-CVE-2024-57822

In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal...

5.5 CVSS · 5.1 AI score · 0.00028 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/01/10 12:0 a.m. · 6 views

CVE-2024-57822

In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal...

4 CVSS · 7.1 AI score · 0.00028 EPSS
Exploits 1 · References 3
Cvelist
added 2025/01/10 12:0 a.m. · 9 views

CVE-2024-57823

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path...

9.3 CVSS · 0.0004 EPSS
Exploits 1 · References 3
SUSE Linux
added 2024/12/23 7:43 p.m. · 0 views

Security update for gdb

This update for gdb fixes the following issues: Mention changes in GDB 14: GDB now supports the AArch64 Scalable Matrix Extension 2 (SME2), which includes a new 512 bit lookup table register named ZT0. GDB now supports the AArch64 Scalable Matrix Extension (SME), which includes a new matrix register...

8.2 CVSS · 7.4 AI score · 0.00048 EPSS
Exploits 1 · References 8
OSSF Malicious Packages
added 2024/12/14 11:48 a.m. · 3 views

Malicious code in graphql.vscode-graphql-syntax (npm)

Source: ossf-package-analysis (a0d28da17294cea5d68bf358dd4576cf98bbc3d373b4add618e2c56ab5c18358). The OpenSSF Package Analysis project identified 'graphql.vscode-graphql-syntax' @ 99.99.99 (npm) as malicious. It is considered malicious because:...

7.1 AI score
Exploits 0
Cvelist
added 2024/12/12 1:39 p.m. · 19 views

CVE-2024-50584 SQL Injection

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

0.00074 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/12/06 12:0 a.m. · 1 views

The vulnerability of the Ruby Syntax Detector component of the JetBrains YouTrack project management and task management software allows a hacker to trigger a service failure.

The vulnerability of the Ruby Syntax Detector component of the JetBrains YouTrack project management and task management software is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions...

4.3 CVSS · 5.4 AI score · 0.00004 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/12/04 12:15 p.m. · 3 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

6.5 CVSS · 5.8 AI score · 0.00004 EPSS
Exploits 0 · References 1
CVE
added 2024/12/04 11:16 a.m. · 67 views

CVE-2024-54157

JetBrains YouTrack before 2024.3.52635 is affected by a potential ReDoS due to a vulnerable RegExp in the Ruby syntax detector. The issue is caused by an inefficient regular expression in the Ruby syntax detector component, enabling a Denial of Service under certain inputs. Affected version set i...

6.5 CVSS · 6.9 AI score · 0.00004 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/12/04 11:16 a.m. · 14 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

4.3 CVSS · 0.00004 EPSS
Exploits 0 · References 1
OSV
added 2024/12/02 5:26 p.m. · 0 views

GHSA-9R9M-FFP6-9X4V vue-i18n has cross-site scripting vulnerability with prototype pollution

Vulnerability type: XSS. Description: vue-i18n can be passed locale messages to createI18n or useI18n. We can then translate them using t and $t. vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST. In order to maximize the performance of the translation...

5.3 CVSS · 5.9 AI score · 0.00133 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/11/29 12:0 a.m. · 3 views

PT-2024-9174 · Jetbrains · Jetbrains Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.52635. Description: The issue is related to a potential ReDoS (Regular Expression Denial of Service) in the Ruby syntax detector of JetBrains YouTrack. This is due to a vulnerable RegExp with inefficie...

6.5 CVSS · 7.3 AI score · 0.00004 EPSS
Exploits 0 · References 8
Ubuntu
added 2024/11/26 1:43 p.m. · 240 views

USN-7128-1: Pygments vulnerability

Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service...

5.5 CVSS · 6.3 AI score · 0.00069 EPSS
Exploits 1