16 matches found
CVE-2025-71004
A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-71001
A segmentation violation in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-65887
A division-by-zero vulnerability in the flow.floordivide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero...
CVE-2025-71003
An input validation vulnerability in the flow.arange component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-71007
An input validation vulnerability in the oneflow.indexadd component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-71004
CVE-2025-71004 affects OneFlow v0.9.0 in the oneflow.logical_or component, where a segmentation violation can be triggered by crafted input, leading to Denial of Service. Multiple connected sources (NVD, Red Hat, OSV, CVE lists) concur on the same root cause and impact. The documents do not speci...
CVE-2025-1007
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 Below v0.9.0 PoC Privilege Escalation Expl...
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2020-27545 affecting package libdwarf for versions less than 0.9.0-1
CVE-2020-27545 affecting package libdwarf for versions less than 0.9.0-1. A patched version of the package is available...
GHSA-V84H-653V-4PQ9 Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
GHSA-6GC3-CRP7-25W5 gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
Impact: SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memory during processing than the size of the...
CVE-2016-15017
CVE-2016-15017 concerns the TYPO3 extension fabarea media_upload, specifically the function getUploadedFileList in Classes/Service/UploadFileService.php. The vulnerability enables pathname traversal due to input handling in that function, with a critical impact reported (C/H/I/A = high). A fixed ...
Design/Logic Flaw
A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this...
UPDATE: Sysdig Falco v0.9.0
PenTestIT RSS Feed My last post from a almost nice months ago, was about an open source behavioral activity monitor which has container support. It was updated and we now have update – the Sysdig Falco v0.9.0! This release fixes a couple of driver and OSX build incompatibility issues. What is...