128 matches found
EUVD-2024-37281
Malicious code in bioql PyPI...
Fedora: Security Advisory (FEDORA-2025-3854530fd9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-4218
The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was...
Fedora 41 : trunk (2025-a265e06eb2)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a265e06eb2 advisory. Update Trunk to v0.21.13 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
The vulnerability of dependency managers for Swift and Objective-C CocoaPods, related to the provision of data elements during an erroneous session, allows a perpetrator to intercept the owner’s session and take control of another person’s CocoaPods trunk account.
The vulnerability of the dependency manager for Swift and Objective-C CocoaPods relates to the provision of data elements during an erroneous session. Exploiting this vulnerability can allow a remote attacker to intercept the user’s session and take control of their CocoaPods trunk account...
CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX...
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership...
CVE-2024-4218
CVE-2024-4218 affects the AffiEasy WordPress plugin up to version 1.1.7, with a Cross-Site Request Forgery (CSRF) flaw that can be exploited by unauthenticated attackers via forged requests if a site administrator is tricked into performing an action. Connected sources confirm the issue and list ...
PT-2024-41920
Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms where 802.1x authentication is configured on access or trunk ports and routing is enabled on the access VLAN of those ports, a malicious supplicant can bypass the 802.1x...
BIT-PYTORCH-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...
PT-2023-26847 · Dell · Dell Os10 Networking Switches
Name of the Vulnerable Software and Affected Versions: Dell OS10 Networking Switches versions 10.5.2.x and above Description: The issue is related to an Uncontrolled Resource Consumption Denial of Service vulnerability. When switches are configured with VLT and VRRP, a remote unauthenticated user...
Incomplete ARP table record in NetScaler
Trunk Mode enabled in NetScaler interface with multiple tagged VLANs binding. However, customer found there're one VLAN network ARP record show Incomplete in NetScaler ARP table. Like below screenshot:...
UBUNTU-CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...
Code injection
In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...
PyTorch 代码注入漏洞
PyTorch is a Python package in the PyTorch open source. A code injection vulnerability exists in versions prior to PyTorch trunk/89695 that stems from an unsafe use of eval in its torch.jit.annotations.parsetypeline component leading to arbitrary code execution...
GHSA-87QX-G5WG-MWMJ RubyGems Cross-site Scripting vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...
GHSA-74PV-V9GH-H25P RubyGems Infinite Loop vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can...
cobalt-bin (>=0.7.4 <=0.17.5), hyper-static-server (>=0.1.1 <=0.5.1) +10 more potentially affected by unknown CVE via sass-rs (=0.2.2)
sass-rs CARGO version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on sass-rs and may be impacted: - cobalt-bin =0.7.4, =0.1.1, =0.1.6, =0.1.0, =0.1.0, =0.1.2, =0.1.1-alpha1, =0.7.0, =0.1.0, =0.1.2, =0.1.8 Source cves: unknown CVE Source advisor...
CVE-2021-0203
On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group RTG, Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Storm Control enables the device to monitor traffic levels and to drop broadcast, multicas...