123 matches found
CVE-2025-66908
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...
Remote Code Execution (RCE)
redaxo/source is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of template content allowing PHP code injection, which allows an attacker to execute arbitrary operating system commands when the template is rendered...
Laravel File Manager 安全漏洞
Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager version 3.3.1, which stems from allowing users to upload create and rename HTML and SVG type files without adequate content type validation or output...
WSO2多款产品 安全漏洞
WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists in...
EUVD-2019-9257
Malware in sbrugna...
EUVD-2016-4093
Malware in sbrugna...
EUVD-2020-29334
Malware in sbrugna...
EUVD-2021-25382
Malware in sbrugna...
EUVD-2022-7274
Malicious code in bioql PyPI...
EUVD-2021-7558
Malicious code in bioql PyPI...
EUVD-2024-38812
Malicious code in bioql PyPI...
EUVD-2022-7259
Malicious code in bioql PyPI...
EUVD-2023-1375
Malicious code in bioql PyPI...
EUVD-2025-18886
Malicious code in bioql PyPI...
BIT-JENKINS-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...
CVE-2025-55735 flaskBlog Stored XSS Vulnerability
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...
CVE-2022-41710
Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not...
CVE-2020-8468
Trend Micro Apex One 2019, OfficeScan XG and Worry-Free Business Security 9.0, 9.5, 10.0 agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication...
CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import
iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...
PT-2025-7416 · Ibm · Ibm Cognos Controller +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue allows an authenticated attacker to conduct formula injection, potentially enabling the execution of arbitrary commands on the syste...