
91 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-58404

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.0004
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-31361

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.4 | EPSS 0.0067
Exploits 338 | References 1

RedhatCVE
added 2025/02/05 10:25 a.m., 5 views

CVE-2024-12740

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file...

CVSS 7.8 | AI score 7.7 | EPSS 0.00038
Exploits 0 | References 1

NVD
added 2025/01/27 6:15 p.m., 7 views

CVE-2024-12740

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file...

CVSS 7.8 | EPSS 0.00038
Exploits 0 | References 1

Cvelist
added 2025/01/27 5:17 p.m., 10 views

CVE-2024-12740 Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file...

CVSS 7.8 | EPSS 0.00038
Exploits 0 | References 1

Vulnrichment
added 2025/01/27 5:17 p.m., 5 views

CVE-2024-12740 Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file...

CVSS 7.8 | AI score 8 | EPSS 0.00038
Exploits 0 | References 1

CVE
added 2024/12/03 1:15 a.m., 57 views

CVE-2024-8748

The CVE-2024-8748 entry describes a buffer overflow in the packet parser of the third‑party library libclinkc used by Zyxel VMG8825‑T50K firmware up to V5.50(ABOM.8.4)C0. This can allow a remote attacker to cause a temporary DoS of the device web management interface by sending a crafted HTTP POS...

CVSS 7.5 | AI score 7.3 | EPSS 0.0073
Exploits 0 | References 1 | Affected Software 1

Github Security Blog
added 2024/05/15 9:2 p.m., 7 views

Drupal core uses a vulnerable Third-party library CKEditor

The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or edit...

AI score 6
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/05/15 9:0 p.m., 13 views

GHSA-M9FV-WHQ2-6WMC Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

The Drupal project uses the third-party library ArchiveTar, which has released a security improvement that is needed to protect some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The lates...

CVSS 8.1 | AI score 7.5
Exploits 0 | References 3

GithubExploit
added 2024/04/24 6:39 a.m., 511 views

Exploit for Injection in Glpi-Project Glpi

It is an offensive tool for GLPI, a proof-of-concept exploit for...

CVSS 9.8 | AI score 10 | EPSS 0.94395
Exploits 13

NVD
added 2024/04/01 11:15 a.m., 11 views

CVE-2023-6154

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

CVSS 7.8 | AI score 7.6 | EPSS 0.0004
Exploits 0 | References 1

CVE
added 2024/04/01 10:6 a.m., 56 views

CVE-2023-6154

CVE-2023-6154 affects Bitdefender Total Security, Internet Security, Antivirus Plus, and Antivirus Free (all reported as 27.0.25.114). Root cause: a configuration setting issue in seccenter.exe that allows an attacker to change the product’s expected behavior and potentially load a third‑party li...

CVSS 7.8 | AI score 7.6 | EPSS 0.0004
Exploits 0 | References 1 | Affected Software 4

HackRead
added 2024/02/20 5:22 p.m., 17 views

Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes

By Deeba Ahmed. Third-Party Library Blamed for Wyze Camera Security Lapse. This is a post from HackRead.com. Read the original post: Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes...

AI score 7.3
Exploits 0

Malwarebytes
added 2024/02/20 1:27 p.m., 19 views

Wyze cameras show the wrong feeds to customers. Again.

Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds. As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and...

AI score 7.4
Exploits 0

OSV
added 2023/12/04 6:30 a.m., 21 views

CVE-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...

CVSS 5.9 | AI score 7.8 | EPSS 0.00021
Exploits 1 | References 5

Cvelist
added 2023/11/21 12:0 a.m., 27 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10 | AI score 9.3 | EPSS 0.94329
Exploits 5 | References 2

NVD
added 2023/11/01 3:15 a.m., 10 views

CVE-2023-2621

The McFeeder server, distributed as part of the SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to the McFeeder server. An...

CVSS 6.5 | AI score 6.4 | EPSS 0.00109
Exploits 0 | References 1

Cvelist
added 2023/11/01 2:10 a.m., 10 views

CVE-2023-2621

The McFeeder server, distributed as part of the SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to the McFeeder server. An...

CVSS 6.5 | AI score 6.6 | EPSS 0.00109
Exploits 0 | References 1

Veracode
added 2023/07/12 6:48 a.m., 18 views

Sensitive Data Exposure

Decidim and Decidim-meetings are vulnerable to Sensitive Data Exposure. The vulnerability is due to the use of a third-party library, Ransack, which allows filtering data on all attributes and associations. This allows an attacker to exfiltrate non-public data from the underlying database by traversing...

CVSS 7.5 | AI score 6.6 | EPSS 0.0038
Exploits 0 | References 3 | Affected Software 1

RubySec
added 2023/07/11 12:0 a.m., 12 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary: Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections, e.g., public meetings. By default, this library allows filtering on all data attributes and associations...

CVSS 7.5 | AI score 6.9 | EPSS 0.0038
Exploits 0 | References 1 | Affected Software 1