SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the AddressRepository::getSqlQuery method that constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore...

Textpad 缓冲区错误漏洞

Textpad is a lightweight text editor developed by Textpad Inc. Version 8.1.2 of Textpad contains a buffer overflow vulnerability. This vulnerability stems from a denial-of-service vulnerability, which could allow local attackers to cause the application to crash by providing an overly long buffer...

CVE-2023-43664

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c which is...

CVE-2025-13644

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server...

CVE-2025-13644

The CVE-2025-13644 issue affects MongoDB Server and stems from an invariant failure during batched delete operations. The server may misinterpret a batch as containing multiple documents when the document size exceeds BSONObjMaxSize, leading to incorrect handling of the batch. Affected versions i...

CVE-2025-45378

CVE-2025-45378 (Dell CloudLink) affects Dell CloudLink running versions 8.0–8.1.2, with a vulnerability in the restricted shell that allows a privileged user with a known password to break into the CloudLink server command shell and escalate privileges, gaining unauthorized system access. If SSH ...

abinitostudio (>=1.0.1 <=1.0.8), aicsshparam (>=0.0.6 <=0.0.12) +145 more potentially affected by CVE-2025-57107 via vtk (>=8.1.2 <=9.5.0)

vtk PYPI version =8.1.2, =1.0.1, =0.0.6, =0.1.8, =0.4.0, =0.13.1, =0.71.0, =0.2.0, =0.4.2, =2024.7.4, =0.0.4rc3, =0.2.5, =0.6.1, =1.0.0.0, =2.1.16 and more Source cves: CVE-2025-57107 Source advisory: OSV:PYSEC-2025-225...

abinitostudio (>=1.0.1 <=1.0.8), aicsshparam (>=0.0.6 <=0.0.12) +145 more potentially affected by CVE-2025-57108 via vtk (>=8.1.2 <=9.5.0)

vtk PYPI version =8.1.2, =1.0.1, =0.0.6, =0.1.8, =0.4.0, =0.13.1, =0.71.0, =0.2.0, =0.4.2, =2024.7.4, =0.0.4rc3, =0.2.5, =0.6.1, =1.0.0.0, =2.1.16 and more Source cves: CVE-2025-57108 Source advisory: OSV:PYSEC-2025-226...

abinitostudio (>=1.0.1 <=1.0.8), aicsshparam (>=0.0.6 <=0.0.12) +145 more potentially affected by CVE-2025-57106 via vtk (>=8.1.2 <=9.5.0)

vtk PYPI version =8.1.2, =1.0.1, =0.0.6, =0.1.8, =0.4.0, =0.13.1, =0.71.0, =0.2.0, =0.4.2, =2024.7.4, =0.0.4rc3, =0.2.5, =0.6.1, =1.0.0.0, =2.1.16 and more Source cves: CVE-2025-57106 Source advisory: OSV:PYSEC-2025-224...

EUVD-2025-26602

Malicious code in bioql PyPI...

EUVD-2021-8833

Malicious code in bioql PyPI...

EUVD-2023-2445

Malicious code in bioql PyPI...

EUVD-2023-2510

Malicious code in bioql PyPI...

CVE-2025-52344

Multiple Cross Site Scripting XSS vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...

CVE-2025-52344

Multiple Cross Site Scripting XSS vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...

PT-2025-37729

Name of the Vulnerable Software and Affected Versions Explorance Blue version 8.1.2 Description Explorance Blue version 8.1.2 contains multiple Cross Site Scripting XSS vulnerabilities in input fields. These vulnerabilities allow attackers to inject arbitrary JavaScript code into a user’s browser...

Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVE-2025-56498

An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...

PLDT WiFi Router Prolink PGN6401V 安全漏洞

PLDT WiFi Router Prolink PGN6401V is a router from PLDT Philippines. A security vulnerability exists in PLDT WiFi Router Prolink PGN6401V Firmware version 8.1.2, which stems from insufficient cleanup of the pingAddr parameter in the ping6.asp page, which could lead to OS command injection...

CVE-2025-56498

The CVE-2025-56498 entry concerns the PLDT WiFi Router Prolink PGN6401V (Firmware 8.1.2) web management interface. The vulnerability resides in the ping6.asp page, where the pingAddr parameter is sent to /boaform/formPing6 without proper sanitization, enabling an authenticated attacker to inject ...