1019 matches found
PT-2025-39649
Name of the Vulnerable Software and Affected Versions: givanz Vvveb versions up to 1.0.7.2. Description: A flaw exists within the Configuration File Handler component that can lead to information disclosure. The issue is potentially exploitable remotely. The exploit has been publicly disclosed...
GHSA-9X36-C74V-FGR6 ml-logger file handler allows reading arbitrary files
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
ml-logger file handler allows reading arbitrary files
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
CVE-2025-10952
A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function streamhandler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...
PT-2025-39407
Name of the Vulnerable Software and Affected Versions: geyang ml-logger versions prior to acf255bade5be6ad88d90735c8367b28cbe3a743. Description: A security flaw exists in geyang ml-logger. The issue resides in the stream handler function within the ml logger/server.py file of the File Handler...
ML-Logger access control error vulnerability
ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. An access control error vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from an incorrect manipulation of the parameter...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the logoNavbar or logoLogin arguments in the SVG File Handler component of the /admin path. An attacker can inject and execute arbitrary scripts by supplying crafted input to these arguments. Details...
GHSA-4C44-R8RM-3P39 Mangati NovoSGA XSS vulnerability in /admin
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
Mangati NovoSGA XSS vulnerability in /admin
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
CVE-2025-10909
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
CVE-2025-10909 Mangati NovoSGA SVG File admin cross site scripting
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is...
CVE-2025-10909
Mangati NovoSGA (versions up to 2.2.9) is affected by a Cross-site Scripting (XSS) vulnerability in the SVG File Handler, specifically via manipulation of the logoNavbar/logoLogin arguments in the /admin path. The issue can be exploited remotely; multiple sources report that the exploit is public...
PT-2025-39289
Name of the Vulnerable Software and Affected Versions: Mangati NovoSGA versions through 2.2.9. Description: A security flaw exists in Mangati NovoSGA. The issue is related to cross site scripting within the SVG File Handler component, specifically affecting the file /admin. Manipulation of the...
CVE-2025-10767
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The...
CVE-2025-10767 CosmodiumCS OnlyRAT Configuration File main.py remote_download os command injection
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The...
PT-2025-38667
Name of the Vulnerable Software and Affected Versions: CosmodiumCS OnlyRAT versions prior to 3.3. Description: A vulnerability exists in CosmodiumCS OnlyRAT. The connect/remote upload/remote download function within the main.py file of the Configuration File Handler component is affected. Manipulati...
CVE-2025-10253
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
OESA-2025-2252 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability has been found in Op...
CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...