CVE-2025-47271 – GitHub OZI Action Command Injection

May 12, 2025

CVE ID : CVE-2025-47271

Published : May 12, 2025, 11:15 a.m. | 1 hour, 25 minutes ago

Description : The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40627 – AbanteCart Reflected Cross-Site Scripting (XSS) Vulnerability

Next Article CVE-2025-47270 – Nimiq Albatross Denial of Service Buffer Overflow

Highlights

CVE-2024-51983 – Cisco Web Services Crash DoS

June 25, 2025

CVE ID : CVE-2024-51983

Published : June 25, 2025, 8:15 a.m. | 2 hours, 42 minutes ago

Description : An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-47271 – GitHub OZI Action Command Injection

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

SerialTool – Serial-Port/TCP/UDP debugging tool

Threat Actors Allegedly Selling Baldwin Killer That Bypasses AV & EDR

CVE-2025-4807 – SourceCodester Online Student Clearance System Directory Traversal Information Disclosure

The AI Fix #57: AI is the best hacker in the USA, and self-learning AI

CVE-2024-51983 – Cisco Web Services Crash DoS

5 warning signs that your phone’s been hacked – and how to fight back

CVE-2025-43858 – YouTubeDLSharp Windows Command Injection Vulnerability

CVE-2025-32354 – Zimbra Collaboration CSRF Vulnerability

CVE-2025-47271 – GitHub OZI Action Command Injection

Related Posts