CVE-2026-4539

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...

Matthäus G. Chajdas pygments 安全漏洞

Matthäus G. Chajdas’ pygments is an open-source application developed by Matthäus G. Chajdas. It provides a general-purpose syntax highlighting tool. Versions of Matthäus G. Chajdas’ pygments prior to 2.19.2 contained security vulnerabilities. These vulnerabilities were caused by inefficient...

GHSA-3M6G-2423-7CP3 Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

CVE-2026-24127

CVE-2026-24127 pertains to Typemill, a flat-file CMS. A reflected XSS vulnerability exists in the login error view template login.twig affecting versions 2.19.1 and earlier, where the username value is echoed back without proper contextual encoding during failed authentication. This could allow a...

EUVD-2015-1480

Malware in sbrugna...

GHSA-2RJV-CV85-XHGM OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object

Impact OpenSearch versions 2.19.2 and earlier improperly apply Field Level Security FLS rules on fields which are not at the top level of the source document tree i.e., which are members of a JSON object. If an FLS exclusion rule like object is applied to an object valued attribute in a source...

GHSA-RRMM-WQ7Q-H4V5 OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape

Impact OpenSearch versions 2.19.2 and earlier improperly apply field masking rules on fields of the types ip, geopoint, geoshape, xypoint, xyshape. While the content of these fields is properly redacted in the source document returned by search operations, the original unredacted values remain...

Proxifier for Mac 2.19 - Local Privilege Escalation

With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...

Proxifier For Mac 2.19 Local Privilege Escalation

With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...

Proxifier 2.19 Privilege Escalation / Code Execution

With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...