317 matches found
EUVD-2025-29647
Malicious code in bioql PyPI...
EUVD-2022-50653
Malicious code in bioql PyPI...
EUVD-2025-19763
Malicious code in bioql PyPI...
CVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...
CVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...
CVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...
PT-2025-39440
Name of the Vulnerable Software and Affected Versions petstore version 1.0.7 Description An issue allows a remote attacker to execute arbitrary code by accessing a non-existent endpoint /cart. The server responds with a 404-error page that reveals sensitive information, including the Servlet name...
CVE-2025-29157
CVE-2025-29157 concerns the Swagger Petstore sample (version 1.0.7). The issue occurs when an attacker accesses a non-existent endpoint like /cart, causing the server to return a 404 error page that reveals sensitive information, including the servlet name (default) and server version. The descri...
CVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name default and server version...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
CVE-2025-34183
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...
CVE-2025-36146 IBM watsonx.data information disclosure
IBM Lakehouse watsonx.data 2.2 could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system...
CVE-2025-36146
IBM Lakehouse (watsonx.data 2.2) contains an information disclosure vulnerability where an authenticated user could obtain sensitive server component version information from stack traces. The issue stems from CWE-209 and is documented in IBM’s Security Bulletin (CVE-2025-36146). Impact is limite...
GO-2025-3960 Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server
Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2025-34186
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...
CVE-2025-34183
Ilevia EVE X1 Server (≤ 4.7.18.0.eden) contains a server-side logging flaw that allows unauthenticated remote attackers to read plaintext credentials from exposed .log files, enabling full authentication bypass and potential system compromise via credential reuse. Additional risk factors in the r...
GO-2025-3901 Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server
Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GO-2025-3911 Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server
Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2025-52085
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...
CVE-2011-10020
Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become...