487 matches found
EUVD-2025-7106
Malicious code in bioql PyPI...
EUVD-2024-20634
Malicious code in bioql PyPI...
EUVD-2024-48460
Malicious code in bioql PyPI...
EUVD-2025-23548
Malicious code in bioql PyPI...
CVE-2025-9321
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'apirequests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute cod...
CVE-2025-9321 WPCasa <= 1.4.1 - Unauthenticated Code Injection
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'apirequests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute cod...
WordPress plugin WPCasa Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injecti...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation Upgrade...
CVE-2025-8749 Path traversal vulnerability in MiR robot software via API requests
Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...
CVE-2025-54554
CVE-2025-54554 affects Tera Insights tiCrypt (tiaudit component) prior to 2025-07-17. The vulnerability allows unauthenticated REST API requests that disclose sensitive information about underlying SQL queries and database structure. Reported across multiple feeds (Red Hat, PT Security, CVE lists...
ExaGrid EX10 Security Vulnerability
ExaGrid EX10 is a backup storage server from ExaGrid USA. A security vulnerability exists in ExaGrid EX10 versions 6.3 through 7.0.1.P08, which stems from improper handling of API requests and could lead to bypassing privilege restrictions...
Improper Input Validation
@haxtheweb/haxcms-nodejs is vulnerable to improper input validation. The vulnerability is due to the application not properly handling exceptions when required URL parameters are missing in authenticated API requests, which allows an attacker to crash the application via the listFiles and saveFil...
BIT-GITLAB-2025-6168 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...
CVE-2025-6168
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...
CVE-2025-3396 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-3396
GitLab EE CVE-2025-3396 affects all versions 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2. The issue could allow authenticated project owners to bypass group-level forking restrictions by manipulating API requests. Connected sources confirm the vulnerability description across ...
CVE-2025-6168
CVE-2025-6168 affects GitLab Enterprise Edition versions 18.0 before 18.0.4 and 18.1 before 18.1.2. The issue allows authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests. Descriptions in multiple sources (NVD, OSV, CIRCL, CVE lists) align on...
GitLab 18.0 < 18.0.4 / 18.1 < 18.1.2 (CVE-2025-6168)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation...