CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usbbulkmsgkillable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usbbulkmsg calls. Since the user can specify...

GO-2026-4778 Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju...

EUVD-2018-11900

Malware in sbrugna...

EUVD-2022-55413

Malicious code in bioql PyPI...

sudo: LPE via chroot option

A flaw was found in Sudo. This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the -R --chroot option. An attacker can run arbitrary commands as root on systems that support...

ABB M2M Gateway Improper Privilege Management in embedded Sudo (CVE-2023-22809)

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

Denial Of Service (DoS)

ai.h2o, h2o-core is vulnerable to Denial Of Service DoS. The vulnerability is due to the /3/Parse endpoint constructing a regular expression from a user-specified string, which is then applied to another user-specified string, allowing an attacker to send multiple simultaneous requests and exhaus...

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

Read from host file system via ImagePromptTemplate in langchain-core

Description You can create langchaincore.prompts.ImagePromptTemplate's and by extension the langchaincore.prompts.ChatPromptTemplate's with input variables that make it possible for the prompt template to read any user-specified path from the server file system. If the outputs of the prompt...

CVE-2021-47582

In the Linux kernel, the following vulnerability has been resolved: USB: core: Make doproccontrol and doprocbulk killable The USBDEVFSCONTROL and USBDEVFSBULK ioctls invoke usbstartwaiturb, which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a function call to usbstartwaiturb that contains an uninterruptible wait with a user-specified timeout...

GHSA-4H54-VWX9-3VR3 Silverstripe XSS In FormAction

A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be specified...

Silverstripe XSS In FormAction

A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be specified...

Lucee Authenticated Scheduled Job Code Execution Exploit

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is...

Arbitrary file write vulnerability in Jenkins Storable Configs Plugin

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...

GHSA-79H8-7735-V3F9 System command execution vulnerability in Selection tasks Jenkins Plugin

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

YearnTokenAdapter allows a maximum loss of 100% when withdrawing

Lines of code Vulnerability details Impact YearnTokenAdapter allows slippage of 100% when withdrawing from the vault which will cause a loss of funds. Here's the documentation straight from the vault contract: It allows the user to specify the maxLoss as the last parameter. It determines how many...

CVE-2022-23607 Unsafe handling of user-specified cookies in treq

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

GHSA-FHPF-PP6P-55QC Unsafe handling of user-specified cookies in treq

Impact Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary, for example: py treq.get'https://example.com/', cookies='session': '1234' Such cookies are not bound to a single domain, and are therefore sent to every domain "supercookies...

RUSTSEC-2021-0011 EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...