909148 matches found
GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints
Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...
GO-2025-3595 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
DLA-3891-1 mariadb-10.5 - security update
Bulletin has no description...
RHSA-2019:2519 Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update
Bulletin has no description...
CGA-9737-QQJ4-9XJC
Bulletin has no description...
MAL-2024-4924 Malicious code in coloramas (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
ALSA-2024:0001 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in Firefox 121, Firefo...
GHSA-4GRX-2X9W-596C Marvin Attack: potential key recovery through timing sidechannels
The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key. A recent survey of RSA implementations found that the Rust rsa...
RUSTSEC-2023-0082 phonenumber: panic on parsing crafted RF3966 phonenumber inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
OSV-2023-745 Heap-buffer-overflow in pcpp::SomeIpSdLayer::isDataValid
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61774 Crash type: Heap-buffer-overflow READ 4 Crash state: pcpp::SomeIpSdLayer::isDataValid pcpp::SomeIpLayer::parseSomeIpLayer pcpp::UdpLayer::parseNextLayer...
CVE-2023-2804
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...
GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
GHSA-C8FJ-4PM8-MP2C Broken Authorization in ZITADEL Actions
Impact Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions, for example, allow creating authorizations user grants on...
GHSA-Q98C-RQX7-7GHF Improper handling of untrusted branches in Gitea Jenkins Plugin
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...
GHSA-2259-H742-5VR4 JBoss EJB Client information disclosure vulnerability
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-4HXV-95RC-JQG7 nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...
GHSA-VCGG-HP4R-87GX Contao Does Not Invalidate Existing Sessions When Password Changes
Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the backend or frontend...
GHSA-R9VV-XJ4W-G8M8 Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...
GHSA-2V6V-Q994-XVXX Privilege escalation in beego
beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
DLA-2734-1 curl - security update
Bulletin has no description...
DSA-4937-1 apache2 - security update
Bulletin has no description...
PYSEC-2021-147
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
DLA-2608-1 jquery - security update
Bulletin has no description...
GHSA-XQ5J-GW7F-JGJ8 CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag...
DSA-4680-1 tomcat9 - security update
Bulletin has no description...
DLA-2065-1 apache-log4j1.2 - security update
Bulletin has no description...
DSA-4558-1 webkit2gtk - security update
Bulletin has no description...
DLA-1927-1 qemu - security update
Bulletin has no description...
DLA-1850-1 redis - security update
Bulletin has no description...
GHSA-RR3C-F55V-QHV5 Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...
DSA-4273-2 intel-microcode - security update
Bulletin has no description...
GHSA-P7C9-JQHQ-VR3V Remote Code Execution in markdown-pdf
Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow...
DSA-3448-1 linux - security update
Bulletin has no description...
DLA-288-1 openssh - security update
Bulletin has no description...
DSA-2358-1 openjdk-6 - several
Bulletin has no description...
DSA-1576-1 openssh openssh-blacklist - predictable randomness
Bulletin has no description...
GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...
BIT-PYTHON-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
PYSEC-2025-186
A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...
SUSE-SU-2024:3986-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too bsc1226797. - CVE-2024-41031: mm/filemap: skip to create PMD-sized page...
GHSA-GV7V-RGG6-548H Laravel environment manipulation via query string
Description When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. Resolution The framework now ignores argv values for environment detection on...
RHSA-2023:6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update
Bulletin has no description...
RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release
Bulletin has no description...
GO-2023-1292 usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos
usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos...
RUSTSEC-2024-0355 gix-path can use a fake program files location
Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...
MAL-2024-7752 Malicious code in jfrog-ci-templates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca6b5be5ca78626dbb231ce098412b200202572a0c8a3513b2a666e342d8004 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ALSA-2024:4312 Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Possible remote code execution due to a race condition in signal handling...