730 matches found
EUVD-2025-24041
Malicious code in bioql PyPI...
EUVD-2021-33427
Malicious code in bioql PyPI...
EUVD-2024-23311
Malicious code in bioql PyPI...
EUVD-2025-17611
Malicious code in bioql PyPI...
EUVD-2022-28743
Malicious code in bioql PyPI...
EUVD-2023-24712
Malicious code in bioql PyPI...
EUVD-2021-33430
Malicious code in bioql PyPI...
EUVD-2021-27668
Malicious code in bioql PyPI...
Incorrect URL validation in FILTER_VALIDATE_URL
...
FILTER_VALIDATE_URL accepts URLs with invalid userinfo
...
CVE-2025-56200
A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...
GHSA-9965-VMPH-33XX validator.js has a URL validation bypass vulnerability in its isURL function
A URL validation bypass vulnerability exists in validator.js prior to version 13.15.20. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the SideroLink connection. An attacker can send arbitrary packets over the interface by exploiting the lack of validation on the packet's destination address. Workaround: Users who are not able to upgrade to t...
WordPress UK Address Postcode Validation plugin <= 3.9.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin UK Address Postcode Validation versions <= 3.9.2...
CVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...
Unspecified Vulnerability in BMC Control-M (CNVD-2025-22541)
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...
DragonFly's manager generates mTLS certificates for arbitrary IP addresses
Impact: A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if...
GHSA-255V-QV84-29P5 DragonFly's manager generates mTLS certificates for arbitrary IP addresses
Impact: A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if...
CVE-2025-55114
The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...
CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order
The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...