
49 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in perl

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

CVSS 5.9 | AI score 6.9 | EPSS 0.00031
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 9:58 a.m. | 4 views

CVE-2020-7560

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...

CVSS 8.6 | AI score 7.3 | EPSS 0.00418
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-28685

Malware in sbrugna...

CVSS 8.6 | AI score 8.5 | EPSS 0.00418
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-32973

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7 | EPSS 0.00125
Exploits: 0 | References: 7

Wallarm Lab
added 2025/08/21 11:0 a.m. | 6 views

Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) – bring immense potential, but also novel vulnerabilities that traditional...

AI score 9.6
Exploits: 0

OSV
added 2025/07/29 1:38 p.m. | 4 views

RLSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012) rubygem-bundler:...

CVSS 7.5 | AI score 7.7 | EPSS 0.14783
Exploits: 4 | References: 3

FreeBSD
added 2025/07/22 12:0 a.m. | 6 views

Mozilla -- Insufficient input escaping

[email protected] reports: Insufficient escaping in the Copy as cURL feature could potentially be used to trick a user into executing unexpected code...

CVSS 8.1 | AI score 6.6 | EPSS 0.00277
Exploits: 0 | References: 1

OpenVAS
added 2025/07/14 12:0 a.m. | 3 views

Mageia: Security Advisory (MGASA-2025-0205)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6 | AI score 6.8 | EPSS 0.00022
Exploits: 0 | References: 5

Mageia
added 2025/07/11 6:52 p.m. | 6 views

Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

CVSS 8.6 | AI score 7.7 | EPSS 0.00022
Exploits: 0 | References: 3

OSV
added 2025/07/11 6:52 p.m. | 3 views

MGASA-2025-0205 Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

CVSS 8.6 | AI score 7.2 | EPSS 0.00022
Exploits: 0 | References: 4

Tenable Nessus
added 2025/07/10 12:0 a.m. | 15 views

Golang 1.23.x < 1.23.11 / 1.24.x < 1.24.5 Command Execution

The version of Golang running on the remote host is 1.23.x prior to 1.23.11, 1.24.x prior to 1.24.3. It is, therefore, affected by a command execution vulnerability as referenced in 74380 advisory. - Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code...

CVSS 8.6 | AI score 7.1 | EPSS 0.00022
Exploits: 0 | References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

RHEL 8 : ruby:2.5 (RHSA-2025:7539)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7539 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 | AI score 7.8 | EPSS 0.14783
Exploits: 4 | References: 7

AlmaLinux
added 2025/05/14 12:0 a.m. | 6 views

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012) rubygem-bundler:...

CVSS 9.8 | AI score 8.4 | EPSS 0.14783
Exploits: 4 | References: 6

Tenable Nessus
added 2025/02/10 12:0 a.m. | 12 views

Azure Linux 3.0 Security Update: golang / msft-golang (CVE-2023-29402)

The version of golang / msft-golang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29402 advisory. - The go command may generate unexpected code at build time when using cgo. This may result in...

CVSS 9.8 | AI score 7 | EPSS 0.00125
Exploits: 0 | References: 2

OSV
added 2024/03/06 10:55 a.m. | 25 views

BIT-GOLANG-2023-29402 Code injection via go command with cgo in cmd/go

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

CVSS 9.8 | AI score 8.5 | EPSS 0.00125
Exploits: 0 | References: 9

OSV
added 2024/01/03 9:30 p.m. | 22 views

GHSA-VFXF-76HV-V4W4 Withdrawn Advisory: User-provided environment values allow execution on macOS agents

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description Impact Agents running on...

AI score 7.3
Exploits: 0 | References: 4

Github Security Blog
added 2024/01/03 9:30 p.m. | 8 views

Withdrawn Advisory: User-provided environment values allow execution on macOS agents

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description Impact Agents running on...

AI score 7.3
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2023/12/12 12:0 a.m. | 210 views

CVE-2023-43364

CVE-2023-43364 affects Searchor prior to 2.4.2. main.py uses eval on CLI input, enabling potential remote code execution. Multiple sources (Red Hat, OSV, GHSA, and others) corroborate a pre-2.4.2 vulnerability in the Searchor CLI. Impact is described as code execution with high severity; exploit ...

CVSS 9.8 | AI score 9.5 | EPSS 0.29638
Exploits: 2 | References: 5 | Affected Software: 1

Cvelist
added 2023/12/12 12:0 a.m. | 15 views

CVE-2023-43364

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...

AI score 9.9 | EPSS 0.29638
Exploits: 2 | References: 5

Tenable Nessus
added 2023/07/20 12:0 a.m. | 31 views

Amazon Linux 2 : golang (ALAS-2023-2131)

The version of golang installed on the remote host is prior to 1.18.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2131 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go...

CVSS 9.8 | AI score 7.1 | EPSS 0.00125
Exploits: 0 | References: 4