apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

WordPress Variable Inspector plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Variable Inspector versions = 2.6.2...

CVE-2025-27100

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

CVE-2025-27100

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

CVE-2025-27100 An authenticated user can crash lakeFS by exhausting server memory

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

CVE-2025-27097

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

CVE-2025-27097 Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

SUSE CVE-2025-0624

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

graphql-mesh 资源管理错误漏洞

graphql-mesh is an application by Arda TANRIKULU Individual Developer. A resource management error vulnerability exists in graphql-mesh, which stems from a flaw in the query variable caching mechanism that can lead to token reuse and memory leaks...

AZL-56997 CVE-2025-0624 affecting package grub2 for versions less than 2.06-14

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

DEBIAN-CVE-2025-0624

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

AZL-57049 CVE-2025-0624 affecting package grub2 for versions less than 2.06-24

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

UBUNTU-CVE-2025-0624

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

GNU GRUB 缓冲区错误漏洞

GRUB2 is a multiple bootloader for the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from a failure to properly account for the length of an environment variable when copying user-controlled environment variable data to an internal buffer, resulting in an...

Cordaware bestinformed 安全漏洞

Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a script variable execution issue that allows an authenticated user to remotely execute code...

CVE-2024-12651

Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0...

SUSE CVE-2024-12798

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

PT-2025-23640

Name of the Vulnerable Software and Affected Versions Jupyter Core versions prior to 5.8.0 Description The issue affects Jupyter Core on Windows, where the shared %PROGRAMDATA% directory is searched for configuration files, potentially allowing users to create files that impact other users. This ...