Lucene search
12 matches found

CNNVD
added 2026/02/12 12:00 a.m., 1 view

Valmet DNA Web Tools Security Vulnerability

Valmet DNA Web Tools is a set of management and engineering tools for the decentralized control system of the Finnish company Valmet. Versions of Valmet DNA Web Tools prior to C2022 contained security vulnerabilities; these vulnerabilities allowed unverified attackers to access arbitrary files by...

CVSS 9.2, AI score 5.9, EPSS 0.00049
Exploits: 0, References: 1
Positive Technologies
added 2026/01/12 12:00 a.m., 3 views

PT-2026-2288

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 1.17.0. Description: The Weblate command-line client, wlc, which utilizes Weblate's REST API, had a flaw where SSL verification was bypassed for specific, manipulated URLs. This could potentially allow for...

CVSS 5.5, AI score 6.3, EPSS 0.00005
Exploits: 0, References: 15
EUVD
added 2025/11/11 3:30 a.m., 3 views

EUVD-2025-60981

Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access...

CVSS 5.3, AI score 5.7, EPSS 0.00292
Exploits: 0, References: 3
OSV
added 2025/11/10 10:15 p.m., 3 views

PYSEC-2025-91

changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...

CVSS 5.4, AI score 6, EPSS 0.00083
Exploits: 1, References: 1
OSV
added 2025/11/10 9:18 p.m., 2 views

CVE-2025-62780 changedetection.io vulnerable to stored XSS in Watch update via API

changedetection.io is a free open source web page change detection tool. A Stored Cross Site Scripting is present in changedetection.io Watch update API in versions prior to 0.50.34 due to insufficient security checks. Two scenarios are possible. In the first, an attacker can insert a new watch...

CVSS 3.5, AI score 5.9, EPSS 0.00083
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-10782

Malware in sbrugna...

CVSS 10, AI score 7, EPSS 0.00306
Exploits: 0, References: 2
RedHat Linux
added 2025/08/11 7:49 a.m., 2 views

setuptools: Path Traversal Vulnerability in setuptools PackageIndex

A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...

CVSS 8.8, AI score 7.2, EPSS 0.0012
Exploits: 4, References: 8
OSV
added 2024/05/30 1:52 p.m., 10 views

GHSA-CC97-G92W-JM65 TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution

Phar files (formerly known as "PHP archives") can act as self-extracting archives, which means that source code is executed when Phar files are invoked. The Phar file format is not limited to being stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

CVSS 9.8, AI score 6.9
Exploits: 0, References: 7
Veracode
added 2024/03/27 1:47 p.m., 109 views

Path Traversal

webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer's machine by manipulating the URL with specific encoded sequences such as %2e or %2f...

CVSS 7.4, AI score 6.8, EPSS 0.03485
Exploits: 1, References: 9, Affected Software: 1
CNVD
added 2022/10/13 12:00 a.m., 27 views

SAP Commerce Input Validation Error Vulnerability

SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. An input validation error vulnerability exists in SAP Commerce versions 1905, 2005, 2105, 2011, and 2205, which ca...

CVSS 8.8, AI score 8.6, EPSS 0.00418
Exploits: 0, References: 1
exploitpack
added 2009/12/27 12:00 a.m., 17 views

Info Fisier 1.0 - SQL Injection

Info Fisier 1.0 - SQL Injection + Info Fisier 1.0 SQL Injection Vulnerability + Software : Info Fisier 1.0 + Author : AnGrY BoY + Contact : [email protected] & [email protected] + Home :...

AI score 0.7
Exploits: 0
NVD
added 2005/05/16 4:00 a.m., 10 views

CVE-2005-1365

Pico Server pServ 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" slash characters and ".." sequences...

CVSS 10, AI score 7.6, EPSS 0.07343
Exploits: 2, References: 4