240 matches found
EUVD-2018-9987
Malware in sbrugna...
EUVD-2020-27000
Malware in sbrugna...
EUVD-2024-21336
Malicious code in bioql PyPI...
EUVD-2024-31887
Malicious code in bioql PyPI...
EUVD-2022-29284
Malicious code in bioql PyPI...
EUVD-2025-17637
Malicious code in bioql PyPI...
EUVD-2022-29286
Malicious code in bioql PyPI...
EUVD-2025-1987
Malicious code in bioql PyPI...
EUVD-2024-19761
Malicious code in bioql PyPI...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
PT-2025-37180
Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a stored cross-site scripting issue. The vulnerability is due to insufficient validation of user inputs for the fullname, location, and message...
Cross-Site WebSocket Hijacking (CSWSH)
github.com/komari-monitor/komari, is vulnerable to Cross-Site WebSocket Hijacking CSWSH. The vulnerability is due to disabled origin checking, which allows an attacker to hijack authenticated user WebSocket connections...
CVE-2025-34050
A cross-site request forgery CSRF vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
vantage6 lacks brute-force protection on change password functionality
Impact If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct Patches This issue has been patched in...
GHSA-J6G5-P62X-58HW vantage6 lacks brute-force protection on change password functionality
Impact If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct Patches This issue has been patched in...
PYSEC-2025-220
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...
CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...
CVE-2025-5741
CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server...