62 matches found
EUVD-2025-7057
Malicious code in bioql PyPI...
EUVD-2025-7073
Malicious code in bioql PyPI...
CVE-2025-49136
CVE-2025-49136 affects Listmonk before v5.0.2 where Sprig template functions env and expandenv are enabled by default, enabling non-super-admin users (with campaign/template permissions) to read host environment variables via campaign previews. Public reports and the connected Metasploit auxiliar...
GHSA-JC7G-X28F-3V3H listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Summary: The env and expandenv template functions, which are enabled by default in Sprig, enable capturing of env variables on the host. While this may not be a problem on single-user super admin installations, on multi-user installations, this allows non-super-admin users with campaign or template...
CVE-2025-24304 arkcompiler_ets_runtime has an out-of-bounds write vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds write...
CVE-2025-22452 arkcompiler_ets_runtime has an out-of-bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read...
CVE-2024-11043
A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...
CVE-2024-11042 Arbitrary File Delete in invoke-ai/invokeai
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
Invoke input validation error vulnerability
Invoke is a leading creative engine for stabilizing diffusion models open-sourced by InvokeAI. An input validation error vulnerability exists in Invoke version v5.0.2, which stems from an arbitrary file deletion vulnerability in the POST /api/v1/images/delete API...
CVE-2025-22837
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through NULL pointer dereference...
CVE-2025-21089
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read...
CVE-2025-23420 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...
CVE-2025-23418 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read...
CVE-2025-23234 Arkcompiler Ets Runtime has a buffer overflow vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through buffer overflow...
CVE-2025-22841 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read...
CVE-2025-22837 Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through NULL pointer dereference...
CVE-2025-22443 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read...
CVE-2025-21084 Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through NULL pointer dereference. This vulnerability can be exploited only in restricted scenarios...
CVE-2025-20042 Liteos-A has an out of bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause an information leak through out-of-bounds read...