EUVD-2023-35881
Malicious code in bioql PyPI...
EUVD-2022-25052
Malicious code in bioql PyPI...
EUVD-2023-23490
Malicious code in bioql PyPI...
EUVD-2022-52965
Malicious code in bioql PyPI...
EUVD-2022-53022
Malicious code in bioql PyPI...
EUVD-2022-53036
Malicious code in bioql PyPI...
EUVD-2022-0228
Malicious code in bioql PyPI...
EUVD-2022-0177
Malicious code in bioql PyPI...
CVE-2025-53107 @cyanheads/git-mcp-server vulnerable to command injection in several tools
@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...
CVE-2025-52467 pgai secrets exfiltration via `pull_request_target`
pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissio...
TencentOS Server 4: subversion (TSSA-2024:1100)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1100 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2024-7711
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...
CVE-2024-5815
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2023-1367
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2...
CVE-2024-12909
A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the run_sql_query function of the database_agent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code executi...
An uncontrolled resource consumption vulnerability in the RubyGems.org repository allows an attacker to cause a denial of service.
The RubyGems.org package repository is affected by an uncontrolled resource consumption vulnerability. Exploiting it can allow a malicious actor to cause service failures...
CVE-2024-5711
The CVE-2024-5711 entry describes a stored XSS in the stitionai/devika chat feature caused by insufficient input validation/sanitization on both the frontend and the backend. Affected: stitionai/devika chat input across all versions. The reported impact includes potential execution of arbitrary JavaScri...
CVE-2024-3121
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and...
CVE-2023-5227
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8...