6341 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android
Khora Exploit Framework v2.0 ============================ Mod...
CVE-2025-13158
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
apidoc-core has a prototype pollution vulnerability
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
CVE-2025-13158
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
EUVD-2025-205451
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...
openSUSE 16 Security Update : cheat (openSUSE-SU-2025:20177-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20177-1 advisory. - Security: CVE-2025-47913: Fix client process termination bsc1253593 CVE-2025-58181: Fix potential unbounded memory consumption bsc1253922...
EUVD-2025-204709
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring ...
CVE-2025-14738
Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...
CVE-2025-14738
Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...
CVE-2025-14738
Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...
CVE-2025-14737
Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...
CVE-2025-14737 Command Injection Vulnerability in TP-Link WA850RE
Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...
CVE-2025-14737
CVE-2025-14737 concerns a command-injection vulnerability in TP-Link WA850RE (httpd modules) that allows an authenticated adjacent attacker to inject arbitrary commands. Affected devices include WA850RE V2_160527 and WA850RE V3_160922 (and earlier), with exploitation described as possible (PoC) p...
Security update 5.0.6 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
PT-2025-52276
Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2 160527, ≤ WA850RE V3 160922...
CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
CVE-2025-67747
CVE-2025-67747 concerns Fickling, a Python pickle analysis tool. Multiple sources document that versions prior to 0.1.6 did not include marshal and types in the unsafe-import blocklist, allowing a crafted pickle to bypass safety checks due to missing detections for marshal.loads and types.Functio...
EUVD-2025-203479
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...