60 matches found
EUVD-2025-11131
Malicious code in bioql PyPI...
EUVD-2022-49556
Malicious code in bioql PyPI...
CVE-2025-9102 1&1 Mail & Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible ...
SuiteCRM access control error vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. An access control error vulnerability exists in SuiteCRM versions 7.14.6 and 8.8.0 that stems from a legacy iCal service authentication flaw that could lead to unauthorized access to meeting data...
CVE-2025-25325
An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link...
YuPao DirectHire security vulnerability
YuPao DirectHire is a recruiting software from the Chinese company YuPao 鱼泡. A security vulnerability exists in YuPao DirectHire version 8.8.0, which originates from a specially crafted link that can access sensitive user information...
AZL-56478 CVE-2025-0167 affecting package curl for versions less than 8.8.0-6
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...
AZL-54155 CVE-2024-11053 affecting package curl for versions less than 8.8.0-4
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...
Drupal core 8.8.0-10.2.10,10.3.0-10.3.8,11.0.0-11.0.7 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Jay Beaton in Drupal core versions 8.8.0-10.2.10,10.3.0-10.3.8,11.0.0-11.0.7...
CVE-2024-8096 affecting package curl for versions less than 8.8.0-3
CVE-2024-8096 affecting package curl for versions less than 8.8.0-3. A patched version of the package is available...
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2
CVE-2024-6197 affecting package curl for versions less than 8.8.0-2. A patched version of the package is available...
CVE-2024-46331
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL...
ModStartCMS security vulnerability
ModStartCMS is a Laravel-based modular extremely fast development framework from ModStart. A security vulnerability exists in ModStartCMS version v8.8.0, which stems from an open redirection issue in the redirection parameter of /admin/login, which allows an attacker to redirect users to arbitrar...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
Summary: There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2018-20225. DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...
CVE-2024-2398 affecting package curl for versions less than 8.8.0-1
CVE-2024-2398 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-2004 affecting package curl for versions less than 8.8.0-1
CVE-2024-2004 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-0853 affecting package curl for versions less than 8.8.0-1
CVE-2024-0853 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...
AZL-47020 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1
libcurl's URL API function curl_url_get() offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-2466 affecting package curl for versions less than 8.8.0-1
CVE-2024-2466 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...