
778 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-41820

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.7, EPSS 0.0025
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-7611

Malicious code in bioql PyPI...

CVSS 9.1, AI score 9, EPSS 0.01325
Exploits 1, References 6

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-49458

Malicious code in bioql PyPI...

CVSS 6.7, AI score 7, EPSS 0.00431
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-17643

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.4, EPSS 0.00191
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 15 views

EUVD-2022-5823

Malicious code in bioql PyPI...

CVSS 4.3, AI score 5.5, EPSS 0.00969
Exploits 0, References 10

Github Security Blog
added 2025/10/01 9:21 p.m., 8 views

Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS 3.3, AI score 7.1, EPSS 0.00329
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2025/10/01 9:21 p.m., 10 views

laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS 3.3, AI score 7.1, EPSS 0.00329
Exploits 0, References 5, Affected Software 1

OSV
added 2025/10/01 9:21 p.m., 4 views

GHSA-HJFH-5JMM-XR24 laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS 3.3, AI score 7.1, EPSS 0.00329
Exploits 0, References 5

Cvelist
added 2025/10/01 7:57 p.m., 50 views

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVSS 3.3, EPSS 0.00329
Exploits 0, References 6

Vulnrichment
added 2025/10/01 7:57 p.m., 1 views

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVSS 3.3, AI score 6.6, EPSS 0.00329
Exploits 0, References 6

OSV
added 2025/10/01 7:57 p.m., 6 views

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVSS 3.3, AI score 6.7, EPSS 0.00329
Exploits 0, References 8

CVE
added 2025/10/01 7:57 p.m., 17 views

CVE-2025-58769

CVE-2025-58769 affects the Auth0-PHP SDK (versions 3.3.0–8.16.0) where the Bulk User Import endpoint does not validate the file-path wrapper or value, allowing arbitrary file paths or URLs. This impacts applications directly using the Auth0-PHP SDK or through Auth0/symfony, Auth0/laravel-auth0, a...

CVSS 3.3, AI score 6.6, EPSS 0.00329
Exploits 0, References 6

Ubuntu
added 2025/10/01 5:23 p.m., 3 views

USN-7794-1: Django vulnerabilities

It was discovered that Django incorrectly handled special characters in the QuerySet function calls. A remote attacker could possibly use this issue to perform SQL injection attacks. (CVE-2025-59681) It was discovered that Django incorrectly handled files with the same path prefix when starting wit...

CVSS 9.8, AI score 7.5, EPSS 0.0085
Exploits 0

NVD
added 2025/10/01 4:16 a.m., 7 views

CVE-2025-10744

The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...

CVSS 5.9, EPSS 0.00356
Exploits 0, References 4

Vulnrichment
added 2025/10/01 3:25 a.m., 4 views

CVE-2025-10744 File Manager, Code editor, backup by Managefy <= 1.6.1 - Unauthenticated Information Exposure

The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view information like full paths and...

CVSS 5.9, AI score 5.6, EPSS 0.00356
Exploits 0, References 4

CNNVD
added 2025/10/01 12:0 a.m., 5 views

Auth0-PHP Security Vulnerability

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 3.3.0 through 8.16.0, which stems from an unvalidated file path wrapper or value that could lead to the acceptance of arbitrary file paths or URLs...

CVSS 3.3, AI score 6.7, EPSS 0.00329
Exploits 0, References 6

NVD
added 2025/09/24 6:15 p.m., 3 views

CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

CVSS 7.5, EPSS 0.00407
Exploits 1, References 1

SUSE CVE
added 2025/09/19 11:22 p.m., 1 views

SUSE CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

CVSS 7.5, AI score 7, EPSS 0.00663
Exploits 1, References 2

RedhatCVE
added 2025/09/19 5:33 p.m., 5 views

CVE-2025-35430

CISA Thorium does not adequately validate the paths of downloaded files via 'downloadephemeral' and 'downloadchildren'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2...

CVSS 5.3, AI score 6.8, EPSS 0.00461
Exploits 0, References 1

Veracode
added 2025/09/16 12:39 p.m., 7 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of path traversal sequences in template file destination paths, which allows an attacker system admin to perform path traversal attacks and place malicious files outside...

CVSS 6.8, AI score 6.7, EPSS 0.0038
Exploits 0, References 5, Affected Software 4