63 matches found
EUVD-2023-45521
Malicious code in bioql PyPI...
gnutls security update
3.8.3-6.2fips
- Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409
- Update FIPS module name for Oracle Linux Orabug: 35925409
3.8.3-6.2
- keyupdate: rework the rekeying logic RHEL-107498
3.8.3-6.1
- Fix CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, and...
picklescan Security Vulnerability
picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan version 0.0.30 and earlier, which stems from an insufficient module name check that could lead to bypassing insecure global checks and executing malicious code...
MAL-2025-26605 Malicious code in module-name (npm)
The package module-name was found to contain malicious code...
1yoouoo (>=0.0.5 <=0.1.2), bluebottle-magento-marketplace (>=1.1.2 <=1.2.5) +6 more potentially affected by unknown CVE via module-name (=0.0.1-security)
module-name NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on module-name and may be impacted: - 1yoouoo =0.0.5, =1.1.2, =0.0.2, =1.0.1, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-26605...
Malicious code in module-name (npm)
The package module-name was found to contain malicious code...
Malicious code in your-module-name (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6751268ea24120cf5830cfbc1948e7a8826069354e61bffc450257cf198ad38f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
RHEL 4 : busybox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - busybox: Path traversal via crafted tar file containing symlink CVE-2011-5325 - The addprobe function in...
Sql injection
In the module "Cross Selling in Modal Cart" motivationsale 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method motivationsaleDataModel::getProductsByIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injectio...
CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version v2.100. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected...
SUSE CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
CVE-2022-43483
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...
Sewio Real-Time Location System (RTLS) Studio OS Command Injection Vulnerability
Sewio Real-Time Location System (RTLS) Studio is a real-time location system from Sewio, Inc. An operating system command injection vulnerability exists in Sewio Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2, which originates from not properly validating an input module name to...
PT-2023-15526 · Sewio · Sewio's Real-Time Location System (RTLS) Studio
Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper validation of the input module name to the backup services of the software. This could allow a remote attacker to access...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute arbitrary code during the PEI phase and influence the subsequent boot stages. This can lead to bypassing mitigations, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...
CVE-2021-46680
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module form name field...