13 matches found
CVE-2026-55153
A flaw was found in mchange-commons-java, a Java utility library. This vulnerability allows a remote attacker to achieve arbitrary code execution through Java Naming and Directory Interface JNDI injection. The library's JNDI ObjectFactory can construct objects of arbitrary classes and initialize...
CVE-2026-7142 Wooey API Endpoint scripts.py add_or_update_script improper authorization
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...
EUVD-2026-25893
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...
CVE-2026-7142
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the UploadIssueAttachment and UploadReleaseAttachment functions, over the /issues/attachments and /releases/attachments endpoints. This is only exploitable if the RequireSigninView setting is disabled, which it...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...
Arbitrary Code Injection
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the automap process during model initialization, even when trustremotecode is false. An attacker can execute arbitrary...
Incorrect Default Permissions
Overview caffeinated-whale-cli is an A CLI tool to help manage Frappe Docker instances. Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure file permissions. The cache directory and database file are created without enforcing restrictive access...
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events
Impact For tracexec's command line reconstruction feature, when a traced process executes another process with a environment variable where the key starts with a dash, tracexec incorrectly shows its commandline where such environment variables could cause argument injection for the env command...
PT-2025-34495
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.14.0 Description: gnark is a zero-knowledge proof system framework. The Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleabili...
Race Condition
Overview pyFFTW is an A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms. Affected versions of this package are vulnerable to Race Condition due to improper synchronization when accessing shared resources. This can lead to memory...
PT-2022-23211
Name of the Vulnerable Software and Affected Versions Apache Avro Rust SDK versions prior to 0.14.0 Description The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK...