
1015 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-58824

Malicious code in bioql PyPI...

CVSS 4.7 | AI score 6.3 | EPSS 0.00039
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2285

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.4 | EPSS 0.00045
Exploits 0 | References 11
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-24650

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6.6 | EPSS 0.00099
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-42516

Malicious code in bioql PyPI...

CVSS 4.6 | AI score 6.5 | EPSS 0.00041
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-49495

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00184
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-12656

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.5 | EPSS 0.0021
Exploits 0 | References 6
Github Security Blog
added 2025/09/17 12:30 p.m. | 6 views

Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references. Original Description: An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and includin...

CVSS 9.3 | AI score 6.9 | EPSS 0.00072
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2025/09/17 9:38 a.m. | 1 view

CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

CVSS 9.3 | AI score 6.5 | EPSS 0.00072
Exploits 1 | References 2
Cvelist
added 2025/09/17 9:38 a.m. | 8 views

CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

CVSS 9.3 | EPSS 0.00072
Exploits 1 | References 2
CVE
added 2025/09/17 9:38 a.m. | 15 views

CVE-2025-10155

CVE-2025-10155 affects the Python tool picklescan by mmaitre314 (versions up to 0.0.30). The root cause is an Improper Input Validation issue in the scanning logic, which allows a standard pickle file with a PyTorch-related file extension to be treated as safe and loaded, enabling remote code exe...

CVSS 9.3 | AI score 6.5 | EPSS 0.00072
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus
added 2025/08/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-23180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in fileextension, in file.c may lead to execute arbitrary code and denial of service...

CVSS 7.8 | AI score 7.6 | EPSS 0.00278
Exploits 1 | References 2
Cvelist
added 2025/08/05 8:0 p.m. | 10 views

CVE-2012-10034 ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further...

CVSS 8.7 | EPSS 0.42593
Exploits 1 | References 4
CNNVD
added 2025/08/04 12:0 a.m. | 2 views

Sourceforge LibrettoCMS Security Vulnerability

Sourceforge LibrettoCMS is an open source content management system from Sourceforge. A security vulnerability exists in Sourceforge LibrettoCMS 1.1.7 and earlier versions, which stems from a file manager plugin that does not properly validate file extensions, and could lead to remote code...

CVSS 9.3 | AI score 7.7 | EPSS 0.82423
Exploits 0 | References 6
BDU FSTEC
added 2025/07/25 12:0 a.m. | 1 view

The vulnerability of the File Extension Handler component in the Mozilla Firefox browser allows a hacker to load any file they desire.

The vulnerability of the File Extension Handler component in the Mozilla Firefox browser is related to the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to download any file at will...

CVSS 8.1 | AI score 7.4 | EPSS 0.00505
Exploits 0 | References 13 | Affected Software 3
CVE
added 2025/07/20 2:32 p.m. | 15 views

CVE-2025-7895

The CVE-2025-7895 entry concerns harry0703 MoneyPrinterTurbo (up to 1.2.6). The vulnerable component is the File Extension Handler, specifically the function upload_bgm_file in app/controllers/v1/video.py. The root cause is manipulation of the File argument, enabling unrestricted (arbitrary) file...

CVSS 9.8 | AI score 6.4 | EPSS 0.00183
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/07/20 2:32 p.m. | 10 views

CVE-2025-7895 harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It i...

CVSS 6.5 | EPSS 0.00183
Exploits 0 | References 3
CNNVD
added 2025/07/12 12:0 a.m. | 5 views

WordPress plugin Simple-File-List Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 9.8 | AI score 7.5 | EPSS 0.89304
Exploits 5 | References 3
NVD
added 2025/06/24 1:15 p.m. | 3 views

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

CVSS 8.1 | EPSS 0.00505
Exploits 0 | References 4
Vulnrichment
added 2025/06/24 12:28 p.m. | 3 views

CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

AI score 7.2 | EPSS 0.00505
Exploits 0 | References 4
CVE
added 2025/06/24 12:28 p.m. | 69 views

CVE-2025-6435

CVE-2025-6435 corresponds to a Mozilla Firefox/Thunderbird issue where saving a response from Devtools Network tab via the Save As menu may fail to preserve the .download extension. This could allow a user to inadvertently run a malicious executable. The FreeBSD advisory also notes memory safety ...

CVSS 8.1 | AI score 7.2 | EPSS 0.00505
Exploits 0 | References 4 | Affected Software 2