VulnCheck KEV: CVE-2025-69985

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...

GHSA-3HWV-X8G3-9QPR AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

Summary The objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or an attacker via CSRF to traverse outside the plugin directory and execute the...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-25652

CVE-2025-25652 affects Eptura Archibus 2024.03.01.109. The vulnerability is a directory traversal in the Database Update Wizard’s Run script and Server File components, enabling an attacker to read files on the server by manipulating requests (e.g., c0-param0/c0-param1 in the affected service). R...

PT-2026-2449

Name of the Vulnerable Software and Affected Versions Eptura Archibus version 2024.03.01.109 Description The “Run script” and “Server File” components within the “Database Update Wizard” are susceptible to directory traversal. This allows unauthorized access to files and directories...

Eptura Archibus 安全漏洞

Eptura Archibus is an all-in-one workspace management system platform from Eptura Corporation, USA. A security vulnerability exists in Eptura Archibus version 2024.03.01.109, which stems from a directory traversal in the Run script and Server File components of the Database Update Wizard...

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

📄 Eptura Archibus Directory Traversal

In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...

CVE-2025-58486

CVE-2025-58486 affects Samsung Account prior to version 15.5.01.1 due to improper input validation, enabling a local attacker to execute arbitrary script. Documented across multiple sources (Red Hat, NVD, CVE lists, CNVD, ENISA EUVD) consistently identify the same flaw and impact. The affected so...

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

EUVD-2025-198042

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

PT-2025-47331

Name of the Vulnerable Software and Affected Versions MCP Data Science Server version 0.1.6 Description A command injection issue exists in the safe eval function src/mcp server ds/server.py:108 of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...

CVE-2025-64046

OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting XSS in /system/update-run.php...

EUVD-2025-176585

Malicious code in run-script-juno-supernova-commitlint npm...

EUVD-2025-178733

Malicious code in genomics-run-script-auth-neptune npm...