13 matches found
EUVD-2012-2959
Malware in sbrugna...
EUVD-2023-33524
Malicious code in bioql PyPI...
SourceCodester Online Polling System Code 安全漏洞
SourceCodester Online Polling System Code is a SourceCodester open source online polling system. A security vulnerability exists in SourceCodester Online Polling System Code version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter myusername in the file...
CVE-2025-53097
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's searchfiles tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
...
CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...
CVE-2022-45479
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
m.johnboylawncare.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-984388 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
CVE-2019-10168
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...
MySQL 5.5.45 (x64) - Local Credentials Disclosure
MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Special Thanks & Greetings to friend of...
PyroCMS "email"跨站脚本漏洞
PyroCMS是一款内容管理系统。 由于传递到index.php/register中"email" POST参数的输入在返回用户前未能正确过滤,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。 0 PyroCMS 2.2.3 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: https://www.pyrocms.com/...
CVE-2011-0064
The hbbufferensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary...
Microsoft Windows Malformed RTF Handling Code Execution (MS07-011; CVE-2006-1311; CVE-2007-0025; CVE-2007-0026)
Rich Text Format RTF provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. By...