EUVD-2023-46915
Malicious code in bioql PyPI...
EUVD-2023-33774
Malicious code in bioql PyPI...
EUVD-2023-29802
Malicious code in bioql PyPI...
EUVD-2025-27135
Malicious code in bioql PyPI...
EUVD-2024-46443
Malicious code in bioql PyPI...
EUVD-2025-9333
Malicious code in bioql PyPI...
EUVD-2021-32507
Malicious code in bioql PyPI...
EUVD-2025-31686
Malicious code in bioql PyPI...
PT-2025-40524
Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description The application does not properly sanitize input to the /trufusionPortal/getCobrandingData endpoint, allowing path traversal sequences to be included. This can be used to read any loca...
CVE-2025-60449
An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the adminsafe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also...
CVE-2025-8559
The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...
PT-2025-39939
Name of the Vulnerable Software and Affected Versions All in One Music Player plugin for WordPress versions prior to 1.3.2 Description The All in One Music Player plugin for WordPress is susceptible to a Path Traversal issue through the theme parameter. This allows authenticated attackers with...
Tiny File Manager Unauthenticated Access
Tiny File Manager is a web-based file manager written in PHP. It allows users to manage files on a web server through a simple and user-friendly interface. When authentication is not enforced, an attacker can access the File Browser interface without any credentials. This can lead to unauthorized...
File Browser Unauthenticated Access
File Browser is an open-source web-based file manager that allows users to manage files on a server through a web interface. If the File Browser instance is accessible without authentication, it can lead to unauthorized access to sensitive files and directories on the server. No source data...
GHSA-VV9C-XXG7-WMV7 InvokeAI has External Control of File Name or Path
Path Traversal Vulnerability in InvokeAI A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...
CVE-2025-9215
CVE-2025-9215 – StoreEngine WordPress plugin is affected up to version 1.5.0 by a path traversal vulnerability in the file_download() function. The issue allows authenticated users with Subscriber-level access or higher to read arbitrary server files containing sensitive information. Public CVE r...
PT-2025-38122
Name of the Vulnerable Software and Affected Versions: StoreEngine versions up to and including 1.5.0 Description: The StoreEngine WordPress plugin is susceptible to a path traversal issue. This allows authenticated attackers with Subscriber-level access or higher to read arbitrary files on the...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...
CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...