37 matches found
PYSEC-2026-430 OpenStack Murano Code Execution
OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...
Off-by-one Error
Overview: Magick.NET-Q8-OpenMP-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
CVE-2026-40169
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19...
CVE-2026-34730
Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
EUVD-2025-178902
Malicious code in final-scale-static-yaml-debug npm...
EUVD-2025-116520
Malicious code in ariel-cluster-yaml-vega npm...
Malicious code in yaml-gatsby-yildun-less (npm)
Source: amazon-inspector (9176cc856a7e1b77aae4968733ab2bea8d8ddf71d2233a9e6f1ef1c0f9e0646f). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-123639
Malicious code in playwright-library-build-yaml npm...
Vlang-Pentest-Framework
🔥 Vlang Pentest Framework...
EUVD-2021-2055
Malware in sbrugna...
EUVD-2021-20196
Malware in sbrugna...
poc-scaner
Java POC Scanner A powerful graphical POC Proof of Concept...
SUSE SLES15 / openSUSE 15 Security Update : ignition (SUSE-SU-2025:03001-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03001-1 advisory. - CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 that can lead to DoS via invalid input (bsc1248548). Tenable has extracted the...
PT-2024-26436 · Libyaml · Libyaml
Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5. Description: The issue is related to a heap-based Buffer Overflow in the yaml_document_add_sequence function in api.c. Recommendations: For libyaml version 0.2.5, at the moment, there is no information about a newer...
Number withdrawn
libyaml is a codec library for YAML from the YAML community. This CVE number has been withdrawn...
CVE-2023-46124
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...
CVE-2023-46124 Server-Side Request Forgery Vulnerability in Custom Integration Upload
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...
GHSA-JQ3W-9MGF-43M4 Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
Impact The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal system...
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
Impact The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal system...