164 matches found
EUVD-2025-207565
free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...
Ghost cross-site scripting vulnerabilities
Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 5.43.0 to 5.12.04, as well as 6.0.0 to 6.14.0, have a cross-site scripting vulnerability. This vulnerability arises because specially crafted links may execute JavaScript, potentially leading to account...
PCF security vulnerabilities
PCF is a policy control module developed under the open-source Free5GC project. Version 1.4.0 of PCF contains a security vulnerability, which stems from a null pointer dereferencing in the HandleDeletePoliciesPolAssoId function...
CVE-2022-31004
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
titra 安全漏洞
titra is an open source time tracking project by kromit. A security vulnerability exists in titra 0.99.49 and earlier versions , the vulnerability stems from a bulk assignment vulnerability in the API that allows authenticated users to bypass business logic controls by injecting arbitrary fields...
WebStack-Guns 路径遍历漏洞
WebStack-Guns is Dana Keeling individual developer of an open source web site navigation website project , backend based on Guns and Springboot. WebStack-Guns 1.0 version of a path traversal vulnerability , the vulnerability stems from the file KaptchaController.java function renderPicture...
Another Critical RCE Discovered in a Popular MCP Server
Artificial Intelligence development is moving faster than secure coding practices, and attackers are taking notice. Imperva Threat Research recently uncovered and disclosed a critical Remote Code Execution RCE vulnerability CVE-2025-53967 in the Framelink Figma MCP Server. This is just one exampl...
EUVD-2024-0944
Malicious code in bioql PyPI...
EUVD-2022-0515
Malicious code in bioql PyPI...
EUVD-2025-17467
Malicious code in bioql PyPI...
EUVD-2023-38092
Malicious code in bioql PyPI...
EUVD-2021-8635
Malicious code in bioql PyPI...
EUVD-2023-40425
Malicious code in bioql PyPI...
EUVD-2024-42704
Malicious code in bioql PyPI...
EUVD-2024-0617
Malicious code in bioql PyPI...
Neo4j MCP Clients & Servers 安全漏洞
Neo4j MCP Clients & Servers is a protocol for managing large language model contexts in the Neo4j Contrib open source. A security vulnerability exists in Neo4j MCP Clients & Servers, which stems from a DNS rebinding vulnerability that could lead to bypassing same-origin policy protections and...
Malicious code in verizon-media-open-source-project-protal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b5effa09096e10b22706af0dd8301a46baa8c707c7979154017d0493e25abf88 The OpenSSF Package Analysis project identified 'verizon-media-open-source-project-protal' @ 2.0.1 npm as malicious. It is considered malicious...
DbGate 安全漏洞
DbGate is a database manager from the DbGate open source. A security vulnerability exists in DbGate 6.6.0 and earlier versions, which stems from insufficient file path validation and could lead to unauthorized file access...
1000 Projects ABC Courier Management System 注入漏洞
1000 Projects ABC Courier Management System is an open source courier management system from 1000 Projects. An injection vulnerability exists in version 1.0 of the 1000 Projects ABC Courier Management System, which is caused by a SQL injection due to incorrect operation of the parameter reciverna...
melange 安全漏洞
melange is a Chainguard open source for building APKs from source code. A security vulnerability exists in melange versions prior to 0.23.0 through 0.29.5, which stems from improperly set permissions on the SBOM file, which could lead to a tampering attack...