EUVD-2024-49489

Malicious code in bioql PyPI...

EUVD-2025-0115

Malicious code in bioql PyPI...

EUVD-2024-24496

Malicious code in bioql PyPI...

EUVD-2023-58468

Malicious code in bioql PyPI...

EUVD-2024-44262

Malicious code in bioql PyPI...

EUVD-2022-2454

Malicious code in bioql PyPI...

EUVD-2022-1681

Malicious code in bioql PyPI...

CVE-2025-56648

CVE-2025-56648 affects npm parcel 2.0.0-alpha and earlier, with an Origin Validation Error. The vulnerability allows a malicious site to send XMLHTTPRequests to the development server and read the response, potentially stealing source code when developers visit the site. The CVSSv3.1 base score i...

Linux Distros Unpatched Vulnerability : CVE-2025-48068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may...

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

PT-2025-33747

Name of the Vulnerable Software and Affected Versions: EzGED3 versions prior to 3.5.72.27183 Description: EzGED3 is susceptible to an unauthenticated arbitrary file read issue stemming from inadequate access control and insufficient input validation within a web-accessible script. An attacker can...

BIT-LIBPHP-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

Missing Origin Validation In WebSockets

Next.js is vulnerable to Missing Origin Validation in WebSockets . The vulnerability is due to limited source code exposure in local development mode when the App Router is enabled, which allows an attacker to trick a user into visiting a malicious webpage while npm run dev is active, potentially...

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

Exposed Dangerous Method Or Function

webpack-dev-server is vulnerable to source code exposure. The vulnerability is due to lack of proper origin checks due to requests for classic scripts not being subject to the same-origin policy, allowing attackers to inject malicious scripts that extract source code if the port and script path a...

CVE-2025-48068

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

CVE-2025-48068

CVE-2025-48068 affects Next.js up to versions before 14.2.30 and before 15.2.2, where the dev server with App Router enabled could expose limited source code when a user visits a malicious page while npm run dev is active. The issue is restricted to local development environments and has been pat...

CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

PT-2025-23134 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions 13.0 through 15.2.2 Description: Next.js is a React framework for building full-stack web applications. In affected versions, Next.js may have allowed limited source code exposure when the dev server was running with the App...

CVE-2024-47166

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...