CVE-2025-67442

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users...

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

EUVD-2010-2283

Malware in sbrugna...

EUVD-2018-0691

Malware in sbrugna...

EUVD-2005-0699

Malware in sbrugna...

EUVD-2020-1289

Malware in sbrugna...

EUVD-2025-16991

Malicious code in bioql PyPI...

EUVD-2021-30392

Malicious code in bioql PyPI...

Access Control Bypass

Overview @koa/router is a Affected versions of this package are vulnerable to Access Control Bypass. due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an attacker...

Linux Distros Unpatched Vulnerability : CVE-2018-1199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3...

Security update for tomcat10

This update for tomcat10 fixes the following issues: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. Fixed expand checks for webAppMoun...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path parameters in the /demo/static/ endpoint. An attacker can exploit this vulnerability to read arbitrary files from the server’s filesystem by manipulating the request path, potentially exposing sensitive...

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit

This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

OpenMetadata authentication bypass and SpEL injection exploit chain

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. This module chains two vulnerabilities that exist in the OpenMetadata aplication. The first vulnerability, CVE-2024-28255,...

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

CVE-2024-33003

CVE-2024-33003 affects SAP Commerce Cloud via the OCC API Endpoint component. The root issue is that certain OCC API endpoints may include PII (passwords, emails, mobile numbers, coupon/voucher codes) in the request URL as query or path parameters, leading to potential disclosure and integrity im...

PT-2024-6173 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...

SAP Commerce Cloud 信息泄露漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...