CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to untrusted library loading due to the GNU C library (CVE-2025-4802)

Summary The GNU C library is used by DataStage on Cloud Pak for Data as part of general processing. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...

SimpleSAMLphp 安全漏洞

SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that originates when loading an untrusted XML document that induces XML external entity injection...

Code Injection in baidu/cup

Description CUP, common useful python-lib. Currently, Most popular python lib in baidu Vulnerability description untrusted loading of data by the pickle.load function leading to Arbitrary code execution. Proof of Concept Run exploit.py import os import pickle os.system'pip3 install cup' from...

CVE-2010-3190

Untrusted search path vulnerability in the Microsoft Foundation Class MFC Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain...