66 matches found
Solara <1.35.1 - Local File Inclusion
A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
CVE-2025-65095
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...
CVE-2025-65095 Lookyloo is vulnerable due to improper user input sanitization
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...
EUVD-2025-198237
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to version 1.35.1, there is potential cross-site scripting on index and tree page. This issue has been patched in version 1.35.1...
CVE-2025-65095
CVE-2025-65095 affects Lookyloo (web interface for capturing pages and displaying a domain-call tree). The vulnerability is a cross-site scripting issue originating from insufficient input sanitization on the index and tree pages in versions prior to 1.35.1. Exploitation details are not provided ...
Lookyloo Cross-Site Scripting Vulnerability
Lookyloo is an open-source website capture tool from Lookyloo. A cross-site scripting vulnerability exists in Lookyloo versions prior to 1.35.1, which stems from a potential cross-site scripting attack on the index and tree pages...
PT-2025-47512
Name of the Vulnerable Software and Affected Versions: Lookyloo versions prior to 1.35.1. Description: Lookyloo, a web interface for capturing website pages and displaying domain call trees, contains a potential cross-site scripting issue on the index and tree pages. This allows for full DOM takeove...
EUVD-2020-23146
Malware in sbrugna...
EUVD-2020-23150
Malware in sbrugna...
EUVD-2025-30620
Malicious code in bioql PyPI...
CVE-2025-58007
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data. This issue affects Hubbub Lite: from n/a through <= 1.35.2...
CVE-2025-58007
Technical details (affected product, version, root cause, impact, fixes) are not provided in the connected documents. Public details about CVE-2025-58007 are not present in the supplied material. Monitor for updates from vendors/security advisories.
CVE-2025-58007 WordPress Social Pug Plugin <= 1.35.1 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Social Pug allows Retrieve Embedded Sensitive Data. This issue affects Social Pug: from n/a through 1.35.1...
CVE-2025-58007 WordPress Social Pug Plugin <= 1.35.2 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data. This issue affects Hubbub Lite: from n/a through <= 1.35.2...
PT-2025-38857
Name of the Vulnerable Software and Affected Versions: NerdPress Social Pug versions through 1.35.1. Description: A flaw exists in NerdPress Social Pug that allows the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere...
GHSA-G9VW-6PVX-7GMW Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults
Summary: A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing a list iterator to reference freed memory. Details: The vulnerability exists in Envoy's Dynamic Forward Proxy...
CVE-2025-54588 Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic...