306 matches found
EUVD-2025-6651
Malicious code in bioql PyPI...
EUVD-2024-54906
Malicious code in bioql PyPI...
EUVD-2025-12463
Malicious code in bioql PyPI...
EUVD-2024-21484
Malicious code in bioql PyPI...
EUVD-2025-7541
Malicious code in bioql PyPI...
CVE-2025-7488
The CVE-2025-7488 entry concerns JoeyBling SpringBoot_MyBatisPlus (up to a6a825513bd688f717dbae3a196bc9c9622fea26). The vulnerability resides in the Download function handling the /file/download endpoint, where manipulating the Name argument enables path traversal. It is described as remotely exp...
CVE-2025-7488 JoeyBling SpringBoot_MyBatisPlus download path traversal
A vulnerability has been found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can b...
CVE-2025-7488 JoeyBling SpringBoot_MyBatisPlus download path traversal
A vulnerability has been found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can b...
CVE-2025-7487 JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload
A vulnerability, which was classified as critical, was found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is...
CVE-2025-7487
The CVE-2025-7487 entry concerns JoeyBling SpringBoot_MyBatisPlus, specifically the SysFileController in /file/upload. The vulnerability arises from improper handling of the portraitFile argument, enabling unrestricted file uploads and remote exploitation. Public disclosures exist, but the exact ...
CVE-2025-7487 JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload
A vulnerability, which was classified as critical, was found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is...
SpringBoot_MyBatisPlus 代码问题漏洞
SpringBootMyBatisPlus is a SpringBoot integration with MyBatisPlus by Siwei Zhou, an individual developer. A code issue vulnerability exists in SpringBootMyBatisPlus, which stems from a wrong operation of the parameter portraitFile in file/file/upload leading to arbitrary file uploads...
PT-2025-29343 · Unknown · Joeybling Springboot Mybatisplus
Name of the Vulnerable Software and Affected Versions: JoeyBling SpringBoot MyBatisPlus versions prior to a6a825513bd688f717dbae3a196bc9c9622fea26 Description: A critical vulnerability exists in the SysFileController function located at /file/upload within JoeyBling SpringBoot MyBatisPlus...
CVE-2025-6731
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched...
CVE-2025-6731 yzcheng90 X-SpringBoot APK File apk uploadApk path traversal
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched...
CVE-2025-6731 yzcheng90 X-SpringBoot APK File apk uploadApk path traversal
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched...
CVE-2025-6731
CVE-2025-6731 affects yzcheng90 X-SpringBoot up to version 5.0. The vulnerability resides in the function uploadApk within /sys/oss/upload/apk of the APK File Handler, where manipulation of the File argument enables path traversal. It can be exploited remotely, and the proof-of-concept/public exp...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +9434 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.2.0 <=6.2.7)
org.springframework:spring-web MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.23 and more Source cves: CVE-2025-41234 Source advisory: OSV:GHSA-6R3C-XF4W-JXJM...
Malicious code in springboot-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 767553d0189c47e072ca2eccece5b848745a1f6faaf34987293d9232d32f48fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4889 Malicious code in springboot-md (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a8c54ec931e96de6b2788e07cecb1d64ae325d3df32749035073a24f1a762c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...