837 matches found
EUVD-2023-53398
Malicious code in bioql PyPI...
EUVD-2023-50908
Malicious code in bioql PyPI...
EUVD-2023-41948
Malicious code in bioql PyPI...
EUVD-2023-29054
Malicious code in bioql PyPI...
EUVD-2024-29305
Malicious code in bioql PyPI...
EUVD-2023-2303
Malicious code in bioql PyPI...
EUVD-2024-2097
Malicious code in bioql PyPI...
EUVD-2023-27867
Malicious code in bioql PyPI...
EUVD-2024-0235
Malicious code in bioql PyPI...
EUVD-2024-2784
Malicious code in bioql PyPI...
CVE-2025-11120
A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the publi...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
Tenda AC8 formSetServerConfig function buffer overflow vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from the formSetServerConfig function in the...
Tenda AC8 安全漏洞
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from the formSetServerConfig function in the...
CVE-2025-59528 Flowise has Remote Code Execution vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...
CVE-2025-59528 Flowise has Remote Code Execution vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...
PT-2025-38723
Name of the Vulnerable Software and Affected Versions Tenda AC23 versions up to 16.03.07.52 Description A buffer overflow issue exists in the HTTP POST Request Handler component of Tenda AC23. The issue is due to the manipulation of the startIp argument within the sscanf function located in the...
GHSA-3GCM-F6QX-FF7P Flowise has Remote Code Execution vulnerability
Description Cause of the Vulnerability The CustomMCP node allows users to input configuration settings for connecting to an external MCP Model Context Protocol server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...
Improper TLS Configuration
github.com/hydraide/hydraide is vulnerable to improper TLS configuration. The vulnerability is due to the client using only RootCAs without proper certificate verification and the server lacking ClientCAs and ClientAuth, which allows an attacker to perform man-in-the-middle MITM attacks and read...
USN-7732-1 kmail-account-wizard vulnerability
It was discovered that KMail Account Wizard used HTTP rather than HTTPS when retrieving certain email server configurations. An attacker could possibly use this issue to cause email clients to use an attacker-controlled email server...