22 matches found
Milvus Proxy has a Critical Authentication Bypass Vulnerability
Impact What kind of vulnerability is it? Who is impacted? An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modif...
CVE-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability
Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...
CVE-2025-64513
CVE-2025-64513 describes a critical authentication bypass in the Milvus Proxy component of Milvus. An unauthenticated attacker can bypass all authentication, gaining full administrative access to the Milvus cluster, with read/modify/delete of data and privileged operations such as database or col...
PT-2025-46212
Name of the Vulnerable Software and Affected Versions: Milvus versions prior to 2.4.24; Milvus versions 2.5.0 through 2.5.20; Milvus versions 2.6.0 through 2.6.4. Description: An unauthenticated attacker can bypass authentication mechanisms in the Milvus Proxy component, gaining full administrative...
milvus authorization issue vulnerability
Milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. An authorization issue vulnerability exists in Milvus versions prior to 2.4.24, prior to 2.5.21, and prior to 2.6.5, which stems from an authentication mechanism bypass issue in the Milvus Proxy componen...
EUVD-2025-19065
Malicious code in bioql PyPI...
EUVD-2024-29014
Malicious code in bioql PyPI...
CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection
Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross-site scripting (XSS) via the mail template settings. Once a malicious payload is saved, any subsequent visit to the settings page in an authenticated admin context will...
emlog cross-site scripting vulnerability
Emlog is a PHP and MySQL based CMS builder. A cross-site scripting vulnerability exists in Emlog 2.5.21 and previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the email template settings; an attacker can exploit this vulnerability by...
CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted
Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...
Meshtastic-Android security vulnerability
Meshtastic-Android is an open source Android application from Meshtastic. A security vulnerability exists in Meshtastic-Android versions prior to 2.5.21, which stems from the fact that an attacker can send an unencrypted direct message to impersonate another node, potentially leading to a fal...
Sulu code issue vulnerability
Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu, Austria. A code issue vulnerability exists in Sulu versions 2.5.21, 2.6.5, and 3.0.0-alpha1, which stems from an administrator user uploading SVGs that could lead to insecure XML external enti...
CVE-2024-31103
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21...
WordPress plugin Kanban Boards for WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-27395 · WordPress · Kanban Boards For Wordpress
Name of the Vulnerable Software and Affected Versions: Kanban Boards for WordPress versions through 2.5.21 Description: The issue affects Kanban Boards for WordPress due to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels...
CVE-2024-47617
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially...
CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially...
WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Kanban Boards for WordPress versions <= 2.5.21...
PT-2024-23772 · WordPress · Kanban Boards
Name of the Vulnerable Software and Affected Versions: Kanban Boards for WordPress versions 2.5.21 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks...