4598 matches found
EUVD-2021-32611
Malicious code in bioql PyPI...
EUVD-2022-0602
Malicious code in bioql PyPI...
EUVD-2022-44223
Malicious code in bioql PyPI...
EUVD-2022-4407
Malicious code in bioql PyPI...
EUVD-2025-8682
Malicious code in bioql PyPI...
EUVD-2022-4400
Malicious code in bioql PyPI...
EUVD-2025-6033
Malicious code in bioql PyPI...
EUVD-2022-3667
Malicious code in bioql PyPI...
CVE-2025-61666
Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file syste...
GHSA-25QH-J22F-PWP8 QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
CVE-2025-11226
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing
QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...
CVE-2025-11126
A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be...
CVE-2025-11195 Rapid7 AppSpider Project Name Validation Bypass
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 are affected by a project name validation bypass. The issue arises from insufficient verification of project name uniqueness when editing the configuration file outside the application, allowing an attacker to set a project name to one that already exis...
Tenda AC8 formSetServerConfig function buffer overflow vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from the formSetServerConfig function in the...
CVE-2025-11026
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and...
CVE-2025-11010
A flaw was found in the libucl library. A heap-based buffer over-read can be triggered when a specially crafted configuration file is processed, causing a crash to the application linked to the library and resulting in a denial of service...