EUVD-2026-2047
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
EUVD-2017-11062
Malware in sbrugna...
EUVD-2025-12613
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-6133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PolicyKit aka polkit 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are...
CVE-2025-49830
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand th...
Mozilla: Bypass "No Links" Restriction in Biography via Protocol-Relative URL (//)
The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks using protocol-relative URLs (//evil.com). This violation of the declared application policy was achieve...
CVE-2025-46342 Kyverno vulnerable to bypass of policy rules that use namespace selectors in match statements
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...
CISCO-SA-20180718-POLICY
creationtimestamp | type | source
---|---|---
2024-12-17 06:41:50+00:00 | seen | https://social.circl.lu/users/vulnerabilitylookup/statuses/113666793827013630...
BIT-NODE-MIN-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note th...
CVE-2017-20048
CVE-2017-20048 entry is rejected/not used and does not represent an active vulnerability per the Initial Description.
Authorization Bypass
chromium is vulnerable to authorization bypass. The vulnerability exists through insufficient policy enforcement in payments, allowing navigation restriction bypass...
Talos Vulnerability Discovery Year in Review - 2018
Introduction Cisco Talos' Vulnerability Discovery Team investigates software and operating system vulnerabilities in order to discover them before malicious threat actors. We provide this information to vendors so that they can create patches and protect their customers as soon as possible. We...
SOL42219132 - OpenSSL vulnerability CVE-2016-6309
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL07112184 - HHVM vulnerability CVE-2016-1000109
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL59722044 - PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL05428062 - pcregrep in PCRE vulnerability CVE-2015-8393
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL86533083 - BIND vulnerability CVE-2015-8705
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL4602: Overview of the F5 security vulnerability response policy SOL9957: Creating a custom RSS feed to view new and updated documents SOL4918: Overview of the F5...
SOL16903 - Microsoft Schannel vulnerability CVE-2015-1637
1 BIG-IP Edge Client for Windows uses Schannel.dll directly and indirectly through WinINet for HTTPS communication with Microsoft Windows. F5 recommends that users apply the applicable Microsoft update posted at . This link takes you to a resource outside of AskF5, and the third party could remov...
SOL15970 - GnuTLS 3.x vulnerability CVE-2014-8564
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15748 - BIND vulnerability CVE-2010-0290
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custo...