13 matches found
CVE-2026-9351
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...
EUVD-2025-22933
Malicious code in bioql PyPI...
EUVD-2024-3599
Malicious code in bioql PyPI...
CVE-2023-3949
An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public project's release descriptions via an atom endpoint...
CVE-2025-31857
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor addonskit-for-elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through <= 1.1.6...
vim security update
An update is available for vim. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security...
CVE-2025-21856
In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device. According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calli...
CVE-2024-56751 ipv6: release nexthop on device removal
In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal. The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_tracker:...
CVE-2024-39933
Gogs through 0.13.0 allows argument injection during the tagging of a new release...
CVE-2022-33704
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities...
HC Newssystem 1.0-1.4 - 'index.php?ID' SQL Injection
HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.- SQL Inj Code : Admin Username/Password Query...
Cyrus imapd 2.2.4 2.2.8 - imapmagicplus Remote Overflow
Cyrus imapd 2.2.4 2.2.8 - imapmagicplus Remote Overflow / Cyrus imapd v 2.2.4 - 2.2.8 imapmagicplus Remote Exploit By crash-x / unl0ck Bug found by Stefan Esser www.unl0ck.org / www.coredumped.info [email protected] / [email protected] Greets to: all GOTFault ex-member, unl0ck, scozar, eos-indi...
Pyramid Research Project - ghttpd security advisorie
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -=================================================================- SECURITY ADVISORY PYR/MID, Research Project - 100702 Members: Apm, flea, thread Title: GazTek HTTP Daemon v1.4-3 Buffer Overflow Author: flea Vulnerable GazTek HTTP Daemon = v1.4-3...