
212 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-1925

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0241
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2018-20440

Malware in sbrugna...

CVSS 4.8 | AI score 5.1 | EPSS 0.00235
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-8353

Malware in sbrugna...

CVSS 7.5 | AI score 8.8 | EPSS 0.00254
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-0515

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00539
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-14437

Malware in sbrugna...

CVSS 7.8 | AI score 6.3 | EPSS 0.00205
Exploits 0 | References 17

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-21553

Malicious code in bioql PyPI...

CVSS 4.1 | AI score 7.5 | EPSS 0.00072
Exploits 1 | References 2

Vulnrichment
added 2025/07/15 8:52 p.m. | 2 views

CVE-2025-53906 Vim has path traversal issue with zip.vim and special crafted zip archives

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...

CVSS 4.1 | AI score 7.8 | EPSS 0.00072
Exploits 1 | References 2

RedhatCVE
added 2025/05/22 10:6 p.m. | 4 views

CVE-2022-39217

some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...

CVSS 9.8 | AI score 6.9 | EPSS 0.00423
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:55 p.m. | 7 views

CVE-2020-25507

An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system environment file with world writable permissions 0777...

CVSS 7.8 | AI score 7.5 | EPSS 0.001
Exploits 1

OSV
added 2025/04/29 2:45 p.m. | 2 views

GHSA-88XG-V53P-FPVF YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

Summary An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server. All testing was performed on a local docker setup running the latest version of the application. PoC Proof of Concept Navigate to...

CVSS 8.7 | AI score 7 | EPSS 0.0397
Exploits 1 | References 4

Snyk
added 2025/02/24 2:40 a.m. | 1 view

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to insufficient input validation in the ThemeAdminService component. Authenticated attackers wit...

CVSS 5.8 | AI score 6.9 | EPSS 0.00027
Exploits 1 | References 2

Tenable Nessus
added 2024/10/16 12:0 a.m. | 17 views

Qnap QTS Classic Buffer Overflow (CVE-2023-32968)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 7.5 | EPSS 0.00062
Exploits 0 | References 2

Cvelist
added 2024/09/13 7:0 a.m. | 16 views

CVE-2024-41871 Media Encoder | Out-of-bounds Read (CWE-125)

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...

CVSS 5.5 | EPSS 0.00045
Exploits 0 | References 1

Tenable Nessus
added 2024/07/30 12:0 a.m. | 6 views

AI/LLM Model File Contains Executable Code (Keras HFS5 .h5)

Binary data aimodelkerashfs5containsexecutablecode.nbin...

AI score 7.3
Exploits 0 | References 1

AlpineLinux
added 2024/07/02 1:47 p.m. | 40 views

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8 | AI score 7.8 | EPSS 0.00045
Exploits 0

NVD
added 2024/06/17 2:15 p.m. | 8 views

CVE-2024-37848

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admindelete.php component...

CVSS 8.4 | EPSS 0.00053
Exploits 1 | References 1

CVE
added 2024/06/14 4:1 a.m. | 55 views

CVE-2024-27173

Toshiba e-STUDIO multi-function printers are affected by CVE-2024-27173 in the Remote Command program, enabling remote code execution by overwriting Python executables. Root cause involves execution of code via uploaded/modified Python files, with impact to confidentiality, integrity, and availab...

CVSS 9.8 | AI score 10 | EPSS 0.45418
Exploits 2 | References 4

Positive Technologies
added 2024/06/13 12:0 a.m. | 4 views

PT-2024-21707

Name of the Vulnerable Software and Affected Versions Toshiba Tec Remote Command program affected versions not specified Description The issue allows an attacker to achieve Remote Code Execution by overwriting existing Python files that contain executable code. This can be difficult to execute...

CVSS 9.8 | AI score 7.2 | EPSS 0.45418
Exploits 2 | References 8

Tenable Nessus
added 2024/06/03 12:0 a.m. | 23 views

RHEL 8 : 2.5_rubygem-bundler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 No...

CVSS 7.8 | AI score 8 | EPSS 0.00151
Exploits 0 | References 1

OSV
added 2024/03/15 6:15 p.m. | 40 views

CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

CVSS 5.7 | AI score 7.5
Exploits 0 | References 13