282 matches found
EUVD-2021-0220
Malware in sbrugna...
EUVD-2009-1703
Malware in sbrugna...
CVE-2025-11332
A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...
CVE-2025-11332
CmsEasy up to version 7.7.7 is affected. The vulnerability resides in the URL Handler, specifically the lib/inc/view.php file, where manipulation of the PHP_SELF argument can cause cross-site scripting. The issue can be exploited remotely, and publicly disclosed PoCs exist. Remediation in the con...
CmsEasy code injection vulnerability
CmsEasy is a content management system (CMS) for creating responsive websites from China's CmsEasy company. A code injection vulnerability exists in CmsEasy 7.7.7 and earlier versions, which stems from improper manipulation of the parameter PHP_SELF in the file lib/inc/view.php in the component URL...
EUVD-2022-43486
Malicious code in bioql PyPI...
EUVD-2023-44476
Malicious code in bioql PyPI...
EUVD-2024-48590
Malicious code in bioql PyPI...
EUVD-2025-16726
Malicious code in bioql PyPI...
EUVD-2023-44471
Malicious code in bioql PyPI...
EUVD-2023-44475
Malicious code in bioql PyPI...
EUVD-2023-44477
Malicious code in bioql PyPI...
EUVD-2024-16210
Malicious code in bioql PyPI...
EUVD-2023-0123
Malicious code in bioql PyPI...
EUVD-2025-23580
Malicious code in bioql PyPI...
CVE-2025-54374 Eidos: One-click Remote Code Execution through Custom URL Handling
Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...
CVE-2025-10472 harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-58176
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
PT-2025-35657
Name of the Vulnerable Software and Affected Versions: Dive versions 0.9.0 through 0.9.3. Description: Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Versions 0.9.0 through 0.9.3 contain a Remote Code Execution (RCE) vulnerability triggered by ...