166 matches found
EUVD-2023-36560
Malicious code in bioql PyPI...
EUVD-2023-36558
Malicious code in bioql PyPI...
EUVD-2025-23429
Malicious code in bioql PyPI...
EUVD-2021-28266
Malicious code in bioql PyPI...
EUVD-2024-0903
Malicious code in bioql PyPI...
EUVD-2022-29573
Malicious code in bioql PyPI...
Steps to TruRisk™ – 5: Eliminate Risk and Lead with Confidence
“We shall not fail or falter; we shall not weaken or tire … Give us the tools and we will finish the job.” – Winston Churchill Every security team knows this truth: you can’t patch everything, and you can’t necessarily protect everything. Perfection is rare, but decisive execution can change...
Linux Distros Unpatched Vulnerability : CVE-2020-13319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue...
Drone Detection with Event Cameras
The diffusion of drones presents significant security and safety challenges. Traditional surveillance systems, particularly conventional frame-based cameras, struggle to reliably detect these targets due to their small size, high agility, and the resulting motion blur and poor performance in...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2024-29200
Kimai is a web-based multi-user time-tracking application. The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet...
CVE-2024-29200
Kimai is a web-based multi-user time-tracking application. The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet...
CVE-2024-29200
Kimai API flaw CVE-2024-29200 exposes timesheet entries to users who should be restricted. The issue stems from inconsistent handling of the view_other_timesheet permission between the UI and API, where the UI restricts data to a user’s teams but the API returns all timesheets when querying /api/...
BIT-GITLAB-2020-13319
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue...
CVE-2023-46245
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection SSTI which can be escalated to Remote Code Execution RCE. The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...
Remote code execution
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection SSTI which can be escalated to Remote Code Execution RCE. The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...
CVE-2023-46245
Kimai 2.x prior to 2.1.0 is vulnerable to Server-Side Template Injection (SSTI) via uploaded Twig templates, which can be escalated to Remote Code Execution (RCE) when rendering PDFs/HTML invoices. Proof-of-concept payloads upload a Twig file and trigger rendering to execute arbitrary commands on...
CVE-2023-46245 Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection SSTI which can be escalated to Remote Code Execution RCE. The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...
CVE-2023-46245 Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection SSTI which can be escalated to Remote Code Execution RCE. The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the...
Traggo Server 路径遍历漏洞
Traggo is a tag-based time tracking tool. A directory traversal vulnerability exists in the Traggo server, which can be exploited by an attacker to read arbitrary files...