Lucene search
+L

87 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-32813

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.03097EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2211

Malicious code in bioql PyPI...

6.4CVSS6AI score0.00503EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2334

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0082EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-2122

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.02313EPSS
Exploits1References4
circl
circl
added 2025/08/22 4:22 p.m.16 views

CVE-2025-54812

creationtimestamp| type| source ---|---|--- 2025-08-22 16:22:58+00:00| seen| https://seclists.org/oss-sec/2025/q3/134 2025-08-22 18:48:58+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwz4ocotud2y 2025-08-22 19:01:44+00:00| seen|...

5.4CVSS6.5AI score0.01084EPSS
Exploits0References3
osv
osv
added 2025/08/15 12:2 a.m.5 views

OSV-2025-631 Null-dereference READ in [email protected]

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438264629 Crash type: Null-dereference READ Crash state: [email protected]...

7.2AI score
Exploits0References1
vulnersosv
vulnersosv
added 2025/08/14 6:52 p.m.7 views

04-as-contact-numbers-menu-cli (=1.0.0), 10xanswers (>=1.0.11 <=1.0.36) +424 more potentially affected by unknown CVE via save-dev (=0.0.1-security)

save-dev NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on save-dev and may be impacted: - 04-as-contact-numbers-menu-cli =1.0.0 - 10xanswers =1.0.11, =3.0.2, =1.6.5, =1.9.1, =1.2.0, =1.1.6, =0.2.1, =1.0.0 - @andes/plex =8.0.1...

5.7AI score
Exploits0
vulnersosv
vulnersosv
added 2025/08/14 6:52 p.m.6 views

go-api-starter (>=0.0.0 <=1.3.0), redux-starter (>=0.0.0 <=1.1.0) potentially affected by unknown CVE via kik-starter (>=0.0.1 <=2.2.1)

kik-starter NPM version =0.0.1, =0.0.0, =0.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-24454...

5.8AI score
Exploits0
vulnersosv
vulnersosv
added 2025/08/14 6:52 p.m.8 views

@alu0101350158/constant-folding (>=1.0.0 <=1.3.9), @mp-next/build (>=0.0.1-alpha.27 <=0.0.1-alpha.34) +9 more potentially affected by unknown CVE via commmander (=0.0.1-security)

commmander NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on commmander and may be impacted: - @alu0101350158/constant-folding =1.0.0, =0.0.1-alpha.27, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.3 - zhoukang-cli =1.0.0 Sourc...

5.7AI score
Exploits0
redhatcve
redhatcve
added 2025/07/18 5:58 p.m.8 views

CVE-2025-53938

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...

7.5CVSS6.5AI score0.00626EPSS
Exploits1References1
osv
osv
added 2025/07/14 10:16 p.m.6 views

CVE-2025-53821 WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the nextPage parameter, leading to an...

4.7CVSS6.9AI score0.00223EPSS
Exploits1References3
vulnersosv
vulnersosv
added 2025/06/11 10:11 p.m.6 views

goodpkgmamamamamamam (=1.0.0) potentially affected by unknown CVE via mtrtestinglalalal (=0.0.1-security)

mtrtestinglalalal NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on mtrtestinglalalal and may be impacted: - goodpkgmamamamamamam =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-5040...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 8:29 a.m.6 views

CVE-2024-48782

File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end...

9.8CVSS7.9AI score0.00788EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:58 a.m.5 views

CVE-2023-47116

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...

5.3CVSS6.6AI score0.00737EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/05/01 12:0 a.m.6 views

workers-oauth-provider 安全漏洞

workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from not properly verifying that the redirecturi is in the allowed list, which could lead to credential theft...

6.1CVSS6.4AI score0.00282EPSS
Exploits0References1
cnvd
cnvd
added 2025/03/27 12:0 a.m.8 views

Remote code execution vulnerability in Ingress NGINX Controller (CNVD-2025-05883)

Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...

9.8CVSS8.1AI score0.99098EPSS
Exploits20References1
cnvd
cnvd
added 2025/03/27 12:0 a.m.2 views

lunary /v1/evaluators/endpoint access control error vulnerability

lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from insufficient access control in /v1/evaluators/endpoints, and can be exploited by an attacker to obtain sensitive information...

6.5CVSS6.5AI score0.00487EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/03 6:33 p.m.6 views

CVE-2025-27501 Server Side Request Forgery in Ziti Console

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...

8.6CVSS8.9AI score0.00367EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2025/02/05 9:49 p.m.10 views

@better-auth/cli (>=0.0.1 <=1.1.16-beta.10), @vxrn/better-auth (>=1.1.368 <=1.1.416) +2 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.1.16-beta.9)

better-auth NPM version =0.4.10-beta.10, =0.0.1, =1.1.368, =1.1.0, =1.1.2-fix.1 - better-auth-monitor =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-9X4V-XFQ5-M8X5...

5.8AI score
Exploits0
cvelist
cvelist
added 2024/10/07 7:55 p.m.36 views

CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS0.00194EPSS
Exploits0References1
Rows per page
Query Builder