87 matches found
EUVD-2021-32813
Malicious code in bioql PyPI...
EUVD-2023-2211
Malicious code in bioql PyPI...
EUVD-2023-2334
Malicious code in bioql PyPI...
EUVD-2023-2122
Malicious code in bioql PyPI...
CVE-2025-54812
creationtimestamp| type| source ---|---|--- 2025-08-22 16:22:58+00:00| seen| https://seclists.org/oss-sec/2025/q3/134 2025-08-22 18:48:58+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwz4ocotud2y 2025-08-22 19:01:44+00:00| seen|...
OSV-2025-631 Null-dereference READ in [email protected]
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438264629 Crash type: Null-dereference READ Crash state: [email protected]...
04-as-contact-numbers-menu-cli (=1.0.0), 10xanswers (>=1.0.11 <=1.0.36) +424 more potentially affected by unknown CVE via save-dev (=0.0.1-security)
save-dev NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on save-dev and may be impacted: - 04-as-contact-numbers-menu-cli =1.0.0 - 10xanswers =1.0.11, =3.0.2, =1.6.5, =1.9.1, =1.2.0, =1.1.6, =0.2.1, =1.0.0 - @andes/plex =8.0.1...
go-api-starter (>=0.0.0 <=1.3.0), redux-starter (>=0.0.0 <=1.1.0) potentially affected by unknown CVE via kik-starter (>=0.0.1 <=2.2.1)
kik-starter NPM version =0.0.1, =0.0.0, =0.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-24454...
@alu0101350158/constant-folding (>=1.0.0 <=1.3.9), @mp-next/build (>=0.0.1-alpha.27 <=0.0.1-alpha.34) +9 more potentially affected by unknown CVE via commmander (=0.0.1-security)
commmander NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on commmander and may be impacted: - @alu0101350158/constant-folding =1.0.0, =0.0.1-alpha.27, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.3 - zhoukang-cli =1.0.0 Sourc...
CVE-2025-53938
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...
CVE-2025-53821 WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the nextPage parameter, leading to an...
goodpkgmamamamamamam (=1.0.0) potentially affected by unknown CVE via mtrtestinglalalal (=0.0.1-security)
mtrtestinglalalal NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on mtrtestinglalalal and may be impacted: - goodpkgmamamamamamam =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-5040...
CVE-2024-48782
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end...
CVE-2023-47116
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
workers-oauth-provider 安全漏洞
workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from not properly verifying that the redirecturi is in the allowed list, which could lead to credential theft...
Remote code execution vulnerability in Ingress NGINX Controller (CNVD-2025-05883)
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
lunary /v1/evaluators/endpoint access control error vulnerability
lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from insufficient access control in /v1/evaluators/endpoints, and can be exploited by an attacker to obtain sensitive information...
CVE-2025-27501 Server Side Request Forgery in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
@better-auth/cli (>=0.0.1 <=1.1.16-beta.10), @vxrn/better-auth (>=1.1.368 <=1.1.416) +2 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.1.16-beta.9)
better-auth NPM version =0.4.10-beta.10, =0.0.1, =1.1.368, =1.1.0, =1.1.2-fix.1 - better-auth-monitor =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-9X4V-XFQ5-M8X5...
CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...