28 matches found
EUVD-2025-28126
Malicious code in bioql PyPI...
EUVD-2025-28128
Malicious code in bioql PyPI...
CVE-2025-47784
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...
CVE-2025-47786
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...
CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...
CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...
CVE-2025-47784
Emlog (open-source website building system) is affected by CVE-2025-47784 in versions 2.5.13 and earlier, due to a deserialization vulnerability. A crafted nickname can trigger str_replace to set name_orig to an empty value, causing deserialization to fail and return false. The issue is mitigated...
emlog Code Issue Vulnerability
emlog is an open source CMS website builder based on PHP and MySQL. A code issue vulnerability exists in emlog 2.5.13 and earlier versions, which stems from a deserialization vulnerability that could lead to a deserialization failure...
PT-2025-21366 · Emlog · Emlog
Name of the Vulnerable Software and Affected Versions: Emlog version 2.5.13. Description: Emlog is an open source website building system with a stored cross-site scripting issue. This allows any registered user to construct malicious JavaScript, inducing all website users to click. The...
PT-2024-28143 · Woocommerce · Wallet System For Woocommerce
Name of the Vulnerable Software and Affected Versions: Wallet System for WooCommerce versions 2.5.13 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that...
Sulu Security Breach
Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A security vulnerability exists in Sulu versions from 2.2.0 to before 2.5.13, which stems from the ability to grant access to a page regardless of the permissions of a role in a...
PT-2024-22132 · Symfony · Symfony Security Http
Name of the Vulnerable Software and Affected Versions: Sulu versions 2.2.0 through 2.4.16; Sulu versions 2.5.0 through 2.5.12. Description: The issue concerns a PHP content management system where access to pages is granted regardless of role permissions for webspaces with a security system...
PT-2023-24908 · Ruijie · Ruijie Rg-Bcr860
Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR860 version 2.5.13. Description: A critical issue affects the Network Diagnostic Page component, leading to OS command injection through unknown processing. This can be exploited remotely. Recommendations: For Ruijie RG-BCR860...
Ruijie Networks RG-BCR860 Operating System Command Injection Vulnerability
The RG-BCR860 is a commercial cloud router from Ruijie Networks China. Ltd. The RG-BCR860 version 2.5.13 suffers from an operating system command injection vulnerability that originates from the failure of the component Network Diagnostic Page to correctly filter constructed command special...
SUSE CVE-2021-4200
An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...
SUSE CVE-2021-36784
An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...
Design/Logic Flaw
An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...
au.com.dius.pact.consumer:groovy (>=4.1.0 <=4.2.21), au.com.dius:pact-jvm-consumer-groovy (>=4.0.7 <=4.0.10) +843 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy (>=2.5.0 <=2.5.13)
org.codehaus.groovy:groovy MAVEN version =2.5.0, =4.1.0, =4.0.7, =2.2.1, =3.0.0, =0.9.0, =3.1.174, =8.1.0.371, =8.1.0.304, =8.1.0.371, =8.1.0.516, =8.1.0.304, =8.1.0.578.141 and more Source cves: CVE-2020-17521 Source advisory: OSV:GHSA-RCJJ-H6GH-JF3R...
Memory corruption
gif2png 2.5.13 has a memory leak in the writefile function...
CVE-2019-17371
gif2png 2.5.13 has a memory leak in the writefile function...