31 matches found

NVD
added 2026/03/28 11:16 a.m. · 4 views

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This issue affects Time Provider 4100: before 2.5.0...

CVSS 9.8 · EPSS 0.00014
Exploits 0 · References 2
Vulnrichment
added 2026/03/28 10:58 a.m. · 1 view

CVE-2025-9497 Hardcoded Upgrade Decryption Passwords

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This issue affects Time Provider 4100: before 2.5.0...

CVSS 7 · AI score 5.9 · EPSS 0.00014
Exploits 0 · References 2
ATTACKERKB
added 2026/03/28 10:58 a.m. · 2 views

CVE-2025-9497

Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This issue affects Time Provider 4100: before 2.5.0...

CVSS 7 · AI score 5.9 · EPSS 0.00014
Exploits 0 · References 2
Tenable Nessus
added 2026/02/13 12:0 a.m. · 2 views

n8n Node.js Package < 1.123.10 / 2.x < 2.5.0 OS Command Injection (CVE-2026-25053)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.10, or 2.x prior to 2.5.0. It is, therefore, affected by a command injection vulnerability: - Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute...

CVSS 9.9 · AI score 6.2 · EPSS 0.00031
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-51312

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 6.5 · EPSS 0.00169
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-24435

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.6 · EPSS 0.00074
Exploits 0 · References 1
Positive Technologies
added 2025/08/12 12:0 a.m. · 3 views

PT-2025-32702

Name of the Vulnerable Software and Affected Versions: Intel(R) QuickAssist Technology versions prior to 2.5.0 Description: An untrusted pointer dereference issue exists in some Intel(R) QuickAssist Technology software. This issue may allow an authenticated user to potentially enable a denial of...

CVSS 6.8 · AI score 5.8 · EPSS 0.00074
Exploits 0 · References 4
VulnCheck KEV
added 2025/06/28 12:0 a.m. · 13 views

VulnCheck KEV: CVE-2024-30269

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...

CVSS 5.3 · AI score 5.8 · EPSS 0.91873
In wild · Exploits 2 · References 53
CNNVD
added 2025/06/19 12:0 a.m. · 1 view

urllib3 Input Validation Error Vulnerability

urllib3 is a Python HTTP library open-sourced by urllib3. It features thread-safe connection pooling, file publishing support, and more. An input validation error vulnerability exists in urllib3 versions prior to 2.5.0 that stems from an inability to control redirection behavior in the Pyodide...

CVSS 6.1 · AI score 5.9 · EPSS 0.00066
Exploits 0 · References 2
Positive Technologies
added 2023/10/05 12:0 a.m. · 2 views

PT-2023-20532 · Unknown · Geokit-Rails

Name of the Vulnerable Software and Affected Versions: geokit-rails versions prior to 2.5.0 Description: The issue is related to Command Injection due to unsafe deserialization of YAML within the geo location cookie. This can be exploited remotely via a malicious cookie value, allowing an attacke...

CVSS 9.8 · AI score 9.6 · EPSS 0.00265
Exploits 1 · References 14
Vulnrichment
added 2023/07/26 10:50 a.m. · 9 views

CVE-2023-38670 Null pointer dereference in paddle.flip

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service...

CVSS 4.7 · AI score 6.7 · EPSS 0.00294
Exploits 1 · References 1
CNNVD
added 2023/07/26 12:0 a.m. · 3 views

PaddlePaddle OS Command Injection Vulnerability

PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions prior to 2.5.0, which stems from a command injection vulnerability in PaddlePaddle's fs.py file...

CVSS 9.8 · AI score 8.4 · EPSS 0.00448
Exploits 1 · References 2
PyPA
added 2023/07/19 1:15 a.m. · 5 views

PYSEC-2023-308

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0...

CVSS 10 · AI score 6.8 · EPSS 0.91453
Exploits 1 · References 5 · Affected Software 1
SUSE CVE
added 2023/02/15 5:11 a.m. · 2 views

SUSE CVE-2015-8556

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1...

CVSS 10 · AI score 7.2 · EPSS 0.21208
Exploits 3 · References 3
SUSE CVE
added 2023/02/15 4:44 a.m. · 4 views

SUSE CVE-2017-9774

Remote Code Execution was found in HordeImage 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication...

CVSS 8.8 · AI score 8.7 · EPSS 0.04249
Exploits 0 · References 3
CNNVD
added 2022/12/28 12:0 a.m. · 2 views

MeterSphere Code Issue Vulnerability

MeterSphere is an open source one-stop continuous testing platform. A code issue vulnerability exists in MeterSphere versions prior to 2.5.0; it stems from the existence of server-side request forgery, resulting in reflected cross-site scripting...

CVSS 7.2 · AI score 6 · EPSS 0.23569
Exploits 1 · References 3
Positive Technologies
added 2022/10/14 12:0 a.m. · 2 views

PT-2022-22157 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0 Description: The issue is related to the allocation of resources without limits or throttling in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.0, update to version 2.5.0 or...

CVSS 9.8 · AI score 4.8 · EPSS 0.00509
Exploits 0 · References 9
CNNVD
added 2022/06/27 12:0 a.m. · 1 view

BigBlueButton Cross-Site Scripting Vulnerability

BigBlueButton is an open source Web conferencing system from the BigBlueButton community. A cross-site scripting vulnerability exists in versions prior to BigBlueButton 2.4.8 and prior to 2.5.0, which stems from users in private chat-enabled meetings being vulnerable to malicious JavaScript attack...

CVSS 6.5 · AI score 5.2 · EPSS 0.00328
Exploits 0 · References 4
ATTACKERKB
added 2022/04/21 3:15 p.m. · 2 views

CVE-2022-1022

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0...

CVSS 8.1 · AI score 6.6 · EPSS 0.00282
Exploits 1 · References 3
PyPA
added 2021/12/15 8:15 p.m. · 4 views

PYSEC-2021-873

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access an...

CVSS 7.7 · AI score 6.6 · EPSS 0.30342
Exploits 1 · References 2 · Affected Software 1