EUVD-2025-30948

Malicious code in bioql PyPI...

EUVD-2022-29994

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-9035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libmatio.a in matio aka MAT File I/O Library 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField in...

CVE-2025-54492

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...

CVE-2010-20114

VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This fla...

Malicious code in omega-cms-lf-ng-md-file-input (npm)

The package omega-cms-lf-ng-md-file-input was found to contain malicious code...

MAL-2025-28210 Malicious code in omega-cms-lf-ng-md-file-input (npm)

The package omega-cms-lf-ng-md-file-input was found to contain malicious code...

EyouCMS 安全漏洞

EyouCMS is an open source content management system CMS based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS version 1.7.3, which originates from improper neutralization of index.php input and may lead to cross-site scripting attacks...

CVE-2024-26540

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimglibrary::CImg::loadanalyze...

CVE-2024-37794

Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service DoS via a crafted SMT2 input file...

CVE-2023-28102

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

Online Notice Board System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Online Notice Board System project 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozil...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from a buffer overflow vulnerability that originates from the File parameter in the UploadCustomModule function failing to properly validate the length and size of the input data, which ca...

CVE-2023-34295

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target...

PT-2024-22870 · Addactis · Addactis Ibnrs

Name of the Vulnerable Software and Affected Versions: Addactis IBNRS version 3.10.3.107 Description: The issue allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name inside Input Triangles, and Yield Curve Name...

SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers

SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threaded, ensuring speed and efficiency. Unlike other scanners,...

Important: libtiff

Issue Overview: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. CVE-2023-6277 Affected Packages: libtiff Issue Correction: Run yum update libtiff or yu...

VulnCheck KEV: CVE-2023-7101

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...

Cisco Identity Services Engine Arbitrary File Write (cisco-sa-ise-mult-j-KxpNynR)

According to its self-reported version, Cisco Identity Services Engine is affected by an arbitrary file write vulnerability that can be exploited by a remote, authenticated attacker due to insufficient file input validation. Please see the included Cisco BIDs and Cisco Security Advisory for more...