Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM policy matching, `*` is …

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabli…

Buffer overflow due to incorrect authorization in PLC FW

Memory corruption while processing IOCTL command when device is in power-save state.

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description:  The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via Class.forName() and invokes its n…

Memory corruption when processing camera sensor input/output control codes with invalid output buffers.