| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner. The workflow runs with broad permissions and access to repository secrets. It is possible for an attacker to execute arbitrary commands on the runner, push or modify code in the repository, access secrets, and create malicious releases or packages, resulting in a complete compromise of the repository and its associated services. This is fixed in version 3.26.7. |
| fs2 is a compositional, streaming I/O library for Scala. Versions 3.12.2 and lower and 3.13.0-M1 through 3.13.0-M6 is vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS session, if one side of the connection shuts down `write` while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. The CPU is consumed until the overall connection is closed, potentially shutting down a fs2-io powered server. This issue is fixed in versions 3.12.1 and 3.13.0-M7. |
| DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization) exploitation. The gadget available in DeepDiff allows `deepdiff.serialization.SAFE_TO_IMPORT` to be modified to allow dangerous classes such as posix.system, and then perform insecure Pickle deserialization via the Delta class. This potentially allows any Python code to be executed, given that the input to Delta is user-controlled. Depending on the application where DeepDiff is used, this can also lead to other vulnerabilities. This is fixed in version 8.6.1. |
| Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username & password in the catalogs configuration) are affected. This is fixed in version 4.9.0. |
| ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2. |
| A vulnerability was determined in itsourcecode POS Point of Sale System 1.0. Affected by this issue is some unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/2512.php. This manipulation of the argument scripts causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. |
| Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. |
| The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. |
| The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. |
| The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. |
| Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one. This is fixed in version 3.26.0. |
| Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch. |
| Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch. |
| Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victim’s session. Version 5.28.5 contains a patch. |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. |
| In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
