30 matches found

RedhatCVE
added 2026/01/09 9:58 a.m. | 4 views

CVE-2020-7560

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...

CVSS 8.6 | AI score 7.3 | EPSS 0.00418
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-28685

Malware in sbrugna...

CVSS 8.6 | AI score 8.5 | EPSS 0.00418
Exploits: 0 | References: 2
Wallarm Lab
added 2025/08/21 11:0 a.m. | 5 views

Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) – bring immense potential, but also novel vulnerabilities that traditional...

AI score 9.6
Exploits: 0
OSV
added 2025/07/29 1:38 p.m. | 4 views

RLSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012) rubygem-bundler:...

CVSS 7.5 | AI score 7.7 | EPSS 0.14783
Exploits: 4 | References: 3
OpenVAS
added 2025/07/14 12:0 a.m. | 3 views

Mageia: Security Advisory (MGASA-2025-0205)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.6 | AI score 6.8 | EPSS 0.00022
Exploits: 0 | References: 5
Mageia
added 2025/07/11 6:52 p.m. | 6 views

Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

CVSS 8.6 | AI score 7.7 | EPSS 0.00022
Exploits: 0 | References: 3
OSV
added 2025/07/11 6:52 p.m. | 3 views

MGASA-2025-0205 Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

CVSS 8.6 | AI score 7.2 | EPSS 0.00022
Exploits: 0 | References: 4
Tenable Nessus
added 2025/07/10 12:0 a.m. | 15 views

Golang 1.23.x < 1.23.11 / 1.24.x < 1.24.5 Command Execution

The version of Golang running on the remote host is 1.23.x prior to 1.23.11, 1.24.x prior to 1.24.3. It is, therefore, affected by a command execution vulnerability as referenced in 74380 advisory. - Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code...

CVSS 8.6 | AI score 7.1 | EPSS 0.00022
Exploits: 0 | References: 3
Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

RHEL 8 : ruby:2.5 (RHSA-2025:7539)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7539 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 | AI score 7.8 | EPSS 0.14783
Exploits: 4 | References: 7
AlmaLinux
added 2025/05/14 12:0 a.m. | 6 views

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012) rubygem-bundler:...

CVSS 9.8 | AI score 8.4 | EPSS 0.14783
Exploits: 4 | References: 6
OSV
added 2024/01/03 9:30 p.m. | 22 views

GHSA-VFXF-76HV-V4W4 Withdrawn Advisory: User-provided environment values allow execution on macOS agents

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description Impact Agents running on...

AI score 7.3
Exploits: 0 | References: 4
Github Security Blog
added 2024/01/03 9:30 p.m. | 8 views

Withdrawn Advisory: User-provided environment values allow execution on macOS agents

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. Original Description Impact Agents running on...

AI score 7.3
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2023/12/12 12:0 a.m. | 210 views

CVE-2023-43364

CVE-2023-43364 affects Searchor prior to 2.4.2. main.py uses eval on CLI input, enabling potential remote code execution. Multiple sources (Red Hat, OSV, GHSA, and others) corroborate a pre-2.4.2 vulnerability in the Searchor CLI. Impact is described as code execution with high severity; exploit ...

CVSS 9.8 | AI score 9.5 | EPSS 0.29638
Exploits: 2 | References: 5 | Affected Software: 1
Cvelist
added 2023/12/12 12:0 a.m. | 15 views

CVE-2023-43364

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...

AI score 9.9 | EPSS 0.29638
Exploits: 2 | References: 5
NVD
added 2020/12/11 1:15 a.m. | 10 views

CVE-2020-7560

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...

CVSS 8.6 | AI score 8.7 | EPSS 0.00418
Exploits: 0 | References: 1
Prion
added 2020/12/11 1:15 a.m. | 13 views

Design/Logic Flaw

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...

CVSS 6.8 | AI score 8.7 | EPSS 0.00418
Exploits: 0 | References: 1
0day.today
added 2019/08/14 12:0 a.m. | 28 views

Windows PowerShell - Unsanitized Filename Command Execution Exploit

''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...

AI score 0.1
Exploits: 0
Packet Storm
added 2019/06/17 12:0 a.m. | 141 views

Microsoft Word (2016) Deceptive File Reference

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Microsoft Word 2016 Vulnerability Type...

AI score 7.4
Exploits: 0
OSV
added 2018/07/09 8:29 p.m. | 4 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 | AI score 9.7
Exploits: 0 | References: 11
Tenable Nessus
added 2017/10/06 12:0 a.m. | 85 views

OpenVPN 2.x < 2.3.18 / 2.4.x < 2.4.4 Buffer Overflow Vulnerability w/ key-method 1

According to its self-reported version number, the version of OpenVPN installed on the remote host is affected by an error related to a weakness in the 'key-method 1' implementation which could allow buffer overflow attacks and result in unexpected code execution C Tenable Network Security, Inc...

CVSS 9.8 | AI score 8.6 | EPSS 0.00995
Exploits: 0 | References: 2