27 matches found
GHSA-PQHX-W72W-M393 ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function
An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...
PT-2026-2111
Name of the Vulnerable Software and Affected Versions: NiceGUI versions 2.22.0 through 3.4.1 Description: NiceGUI is a Python-based UI framework susceptible to a cross-site scripting (XSS) issue. The problem stems from an unsafe implementation within the click event listener used by ui.sub_pages,...
NiceGUI cross-site scripting vulnerability
NiceGUI is an easy-to-use, Python-based UI framework from NiceGUI Open Source. A cross-site scripting vulnerability exists in NiceGUI versions 2.22.0 through 3.4.1, which stems from an insecure implementation of the pushstate event listener that could lead to the manipulation of URL fragment...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +217 more potentially affected by CVE-2025-11200 via mlflow (>=0.8.2 <=2.22.0)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-11200 Source advisory: OSV:GHSA-6XJ8-RRQX-R4CV...
EUVD-2025-2143
Malicious code in bioql PyPI...
EUVD-2025-1700
Malicious code in bioql PyPI...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +217 more potentially affected by CVE-2025-52967 via mlflow (>=0.8.2 <=2.22.0)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-52967 Source advisory: OSV:GHSA-WXJ7-3FX5-PP9M...
CVE-2025-47619
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through = 2.20.2...
CVE-2025-21083
Mattermost Mobile Apps versions =2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...
Mattermost Mobile Apps security vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.22.0 that stems from an inability to properly handle posts with attachments, allowing an attacker to cause a mobile device to crash by creating such a...
PT-2025-4149 · Mattermost · Mattermost Mobile
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions =2.22.0 Description: The issue arises from the improper handling of posts with attachments that contain fields which cannot be converted to a string. This allows an attacker to cause the mobile application to crash ...
CVE-2025-21083
Mattermost Mobile Apps versions =2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...
CVE-2025-20036
Mattermost Mobile Apps versions =2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post...
PT-2025-4140 · Mattermost · Mattermost Mobile Apps
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions =2.22.0 Description: The issue arises from the failure to properly validate post properties, allowing a malicious authenticated user to cause a crash via a malicious post. This can be exploited by an...
PT-2025-3908 · Mattermost · Mattermost Mobile Apps
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions =2.22.0 Description: The issue arises from the mobile application's inability to properly handle specially crafted attachment names. This allows an attacker to crash the mobile app for any user who has opened a...
PT-2025-4189 · Mattermost · Mattermost Mobile Apps
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions =2.22.0 Description: The issue arises from the failure to properly validate post properties, allowing a malicious authenticated user to cause a crash via a malicious post. This can be exploited by an...
CVE-2024-1297
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection...
Command injection
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection...
CVE-2024-1297 Loomio 2.22.0 - Code injection
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection...
PT-2023-31461 · Cesanta · Mjs
Name of the Vulnerable Software and Affected Versions: Cesanta MJS versions 2.20.0 through 2.22.0 Description: The issue is related to an out-of-bounds read in the getprop builtin foreign function when a Built-in API name occurs in a substring of an input string. This can lead to a buffer overflo...