CVE-2021-30245
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...
CVE-2021-29655
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute...
CVE-2025-47928
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on .github/workflows/integrationtests.yml followed by checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...
CVE-2025-47928 Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on .github/workflows/integrationtests.yml followed by checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...
Spotipy Security Vulnerability
Spotipy is a lightweight Python library for the Spotify Web API from the individual developer spotipy-dev. Spotipy has a security vulnerability that stems from `pull_request_target` executing untrusted code in GitHub Actions, which could lead to credential disclosure and repository takeover...
Alibaba Cloud Linux 3 : 0051: java-11-openjdk (ALINUX3-SA-2021:0051)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0051 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-2341: Vulnerability in the Java S...
Alibaba Cloud Linux 3 : 0086: java-17-openjdk (ALINUX3-SA-2021:0086)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0086 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-21248: Vulnerability in the Oracl...
Alibaba Cloud Linux 3 : 0171: java-1.8.0-openjdk (ALINUX3-SA-2022:0171)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0171 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-21619: Vulnerability in the Oracl...
Alibaba Cloud Linux 3 : 0003: java-11-openjdk (ALINUX3-SA-2022:0003)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0003 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-35550: Vulnerability in the Java...
emacs: arbitrary code execution via Lisp macro expansion
A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.8)
The version of AOS installed on the remote host is prior to 6.8.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.8 advisory. - BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-129...
CLSA-2025-1744925460 gcc: Fix of CVE-2020-11023
CVE-2020-11023: Fix issue in DOM manipulation methods to prevent execution of untrusted code...
CLSA-2025-1744925221 gcc: Fix of CVE-2020-11023
CVE-2020-11023: Fix issue in DOM manipulation methods to prevent execution of untrusted code...
CLSA-2025-1744892170 gcc: Fix of CVE-2020-11023
CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code...
openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...
CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration
Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...
DEBIAN-CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...
Hydra Security Vulnerability
Hydra is an open source continuous integration service for Nix-based projects. A security vulnerability exists in Hydra that stems from the evaluation of untrusted non-flake Nix code, which could access the secrets of the hydra user group...
PT-2025-15834 · Tibco · Spotfire Enterprise Runtime For R
Name of the Vulnerable Software and Affected Versions: TERR (affected versions not specified); Spotfire Enterprise Runtime for R version 6. Description: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading ...