CVE-2025-27510

CRITICAL Year: 2025
Weakness Type
CWE-829
View all →

Vulnerability Description

conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, it can result in remote code execution.

Related Vulnerabilities

CVE-2024-38537

NONE
CVSS:0.0(None)

Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited e...

CWE-8292024

CVE-2020-4561

CRITICAL
CVSS:10.0(Critical)

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write fil...

CWE-8292020

CVE-2004-0030

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif...

CWE-8292004

CVE-2004-0285

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMV...

CWE-8292004

CVE-2010-2076

CRITICAL
CVSS:9.8(Critical)

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not p...

CWE-8292010

CVE-2012-4919

CRITICAL
CVSS:9.8(Critical)

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

CWE-8292012