3230 matches found
EUVD-2024-1934
Malicious code in bioql PyPI...
EUVD-2024-19501
Malicious code in bioql PyPI...
EUVD-2025-24655
Malicious code in bioql PyPI...
EUVD-2025-23655
Malicious code in bioql PyPI...
EUVD-2023-58834
Malicious code in bioql PyPI...
EUVD-2025-27148
Malicious code in bioql PyPI...
EUVD-2023-2444
Malicious code in bioql PyPI...
EUVD-2025-10703
Malicious code in bioql PyPI...
EUVD-2022-6362
Malicious code in bioql PyPI...
EUVD-2025-25006
Malicious code in bioql PyPI...
EUVD-2025-20863
Malicious code in bioql PyPI...
EUVD-2025-25467
Malicious code in bioql PyPI...
perl security update
An update is available for perl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Perl is a high-level programming language that is commonly used for system...
CVE-2025-60445
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in XunRuiCMS version 4.7.1. The vulnerability exists due to insufficient validation of SVG file uploads in the dayrui/Fcms/Library/Upload.php component, allowing attackers to inject malicious JavaScript code that executes when th...
MeteoBridge template.cgi command injection
Added: 10/03/2025. CVE: CVE-2025-4008. Background: MeteoBridge is a device which connects personal weather stations to public weather networks. Problem: A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...
Directory Traversal
Overview: strands-agents is a model-driven approach to building AI agents in just a few lines of code. Affected versions of this package are vulnerable to Directory Traversal via the FileSessionManager.getsessionpath, FileSessionManager.getagentpath, S3SessionManager.getsessionpath, and...
AndSoft e-TMS Cross-Site Scripting Vulnerability
AndSoft e-TMS is a logistics management software from the Spanish company AndSoft. A cross-site scripting vulnerability exists in AndSoft e-TMS v25.03, which stems from insufficient validation of parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file /clt/LOGINFRMDLG.ASP, which could...
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import
Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import
Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
CVE-2025-58769
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...