205 matches found
BIT-ARGO-WORKFLOWS-2025-66626 argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...
WordPress WavePlayer plugin <= 3.7.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by @zdenys in WordPress Plugin WavePlayer versions = 3.7.0...
Wazuh 代码问题漏洞
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A code issue vulnerability exists in Wazuh versions 3.7.0 through prior to 4.12.0 that stems from the fimalert...
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
EUVD-2021-1773
Malware in sbrugna...
EUVD-2020-0528
Malware in sbrugna...
EUVD-2020-3195
Malware in sbrugna...
EUVD-2023-2766
Malicious code in bioql PyPI...
EUVD-2022-29719
Malicious code in bioql PyPI...
EUVD-2023-2087
Malicious code in bioql PyPI...
EUVD-2025-25365
Malicious code in bioql PyPI...
EUVD-2022-28676
Malicious code in bioql PyPI...
EUVD-2025-25368
Malicious code in bioql PyPI...
EUVD-2023-58279
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-55459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
CVE-2025-53194
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through = 3.7.0...
CVE-2025-53196
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through = 3.7.0...
CVE-2025-53196 WordPress JetEngine <= 3.7.0 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through = 3.7.0...
PT-2025-33967 · Crocoblock · Jetengine
Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions through 3.7.0 Description: A flaw exists in Crocoblock JetEngine that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Update Crocoblo...
WordPress plugin JetEngine 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...