
23 matches found

Snyk
added 2026/02/26 10:49 p.m. · 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass via the Rotate function. An attacker can escalate privileges and access sensitive information by submitting a sealed secret with manipulated spec.template.metadata.annotations, allowing the output to be resealed wi...

6.9 CVSS · 5.9 AI score · 0.00057 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-0017

Malware in sbrugna...

5.4 CVSS · 5.4 AI score · 0.00237 EPSS
Exploits 0 · References 8
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-7106

Malicious code in bioql PyPI...

7.5 CVSS · 7.4 AI score · 0.00244 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-3638

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.0042 EPSS
Exploits 0 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-7180

Malicious code in bioql PyPI...

8.7 CVSS · 7.5 AI score · 0.00635 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-35186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A speciall...

8.8 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 10:9 p.m. · 9 views

CVE-2022-3971

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

5.6 CVSS · 7.6 AI score · 0.00248 EPSS
Exploits 0 · References 1
NVD
added 2025/03/20 7:15 p.m. · 8 views

CVE-2025-30160

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive...

8.7 CVSS · 0.00635 EPSS
Exploits 0 · References 3
Cvelist
added 2025/03/20 6:9 p.m. · 15 views

CVE-2025-30160 Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive...

8.7 CVSS · 0.00635 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/02/04 10:17 p.m. · 3 views

CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8 CVSS · 7.3 AI score · 0.00364 EPSS
Exploits 0 · References 1
OSV
added 2024/05/23 9:15 a.m. · 1 views

DEBIAN-CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits 0 · References 1
OSV
added 2024/05/23 8:55 a.m. · 2 views

CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8 CVSS · 8.4 AI score · 0.00364 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/23 8:55 a.m. · 11 views

CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8 CVSS · 8.8 AI score · 0.00364 EPSS
Exploits 0 · References 1
CNNVD
added 2024/05/23 12:0 a.m. · 2 views

gitoxide security vulnerability

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide prior to version 0.36.0, which can be exploited to execute arbitrary code by traversing the outside of the working tree...

8.8 CVSS · 7.4 AI score · 0.00364 EPSS
Exploits 0 · References 2
Github Security Blog
added 2022/11/13 12:0 p.m. · 19 views

Matrix-appservice-irc vulnerable to sql injection via roomIds argument

A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is...

5.6 CVSS · 6.1 AI score · 0.00248 EPSS
Exploits 0 · References 6 · Affected Software 1
Prion
added 2022/11/13 10:15 a.m. · 15 views

Sql injection

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

5.1 CVSS · 6.2 AI score · 0.00248 EPSS
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2022/11/13 12:0 a.m. · 4 views

CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

4.6 CVSS · 8 AI score · 0.00248 EPSS
Exploits 0 · References 4
Prion
added 2022/10/25 7:15 p.m. · 15 views

Design/Logic Flaw

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

5 CVSS · 7.4 AI score · 0.00244 EPSS
Exploits 0 · References 2 · Affected Software 1
RustSec
added 2022/10/25 12:0 p.m. · 25 views

evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

7.5 CVSS · 1.6 AI score · 0.00244 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2022/10/25 12:0 a.m. · 3 views

PT-2022-24922 · Sputnikvm · Sputnikvm

Name of the Vulnerable Software and Affected Versions: SputnikVM versions prior to 0.36.0 Description: A custom stateful precompile can use the is static parameter to determine if the call is executed in a static context, and thus decide if stateful operations should be done. Prior to version...

7.5 CVSS · 7.3 AI score · 0.00244 EPSS
Exploits 0 · References 10