179 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-33106

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 5.9 | EPSS 0.03266
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-53462

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00471
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-4807

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.0017
Exploits: 0 | References: 8

Tenable Nessus
added 2025/09/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-36032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to...

CVSS 5.3 | AI score 6 | EPSS 0.00197
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/30 6:21 p.m. | 1 views

CVE-2025-50900

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle. In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determine whether...

CVSS 9.8 | AI score 7.4 | EPSS 0.00713
Exploits: 1 | References: 1

OSV
added 2025/08/25 6:20 a.m. | 1 views

SUSE-SU-2025:02968-1 Security update for libqt4

This update for libqt4 fixes the following issues:
- CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654)
- CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298)
- CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file...

CVSS 8.4 | AI score 7.8 | EPSS 0.00385
Exploits: 2 | References: 20

CVE
added 2025/08/25 12:0 a.m. | 10 views

CVE-2025-50900

CVE-2025-50900 affects getrebuild/rebuild 4.0.4. The issue resides in com.rebuild.web.RebuildWebInterceptor.preHandle, where the filter decodes the request URI and checks if the path ends with /error. If it does not, the code redirects to /user/login, potentially allowing an unauthenticated attac...

CVSS 9.8 | AI score 7.5 | EPSS 0.00713
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/07/25 12:0 a.m. | 1 views

NewStart CGSL MAIN 7.02 : librsvg2 Vulnerability (NS-SA-2025-0127)

The remote NewStart CGSL host, running version MAIN 7.02, has librsvg2 packages installed that are affected by a vulnerability: - A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files on the local filesystem outside ...

CVSS 5.5 | AI score 6.3 | EPSS 0.43614
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/23 2:58 a.m. | 4 views

CVE-2023-1142

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation...

CVSS 9.8 | AI score 7.1 | EPSS 0.00466
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:56 p.m. | 6 views

CVE-2022-32265

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding...

CVSS 5.3 | AI score 7 | EPSS 0.00471
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/17 8:13 p.m. | 6 views

CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVSS 5.2 | AI score 5.3 | EPSS 0.00128
Exploits: 0 | References: 1

CNNVD
added 2025/01/17 12:0 a.m. | 2 views

caido cross-site scripting vulnerability

caido is an open source application from Caido. Designed to help security professionals and enthusiasts audit Web applications efficiently and easily. A cross-site scripting vulnerability exists in Caido version v0.45.0 that stems from improper cleanup in the URL decoding tooltip of the HTTP...

CVSS 5.2 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 2

OSV
added 2025/01/14 7:22 p.m. | 16 views

BIT-PHP-MIN-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 | AI score 6.9 | EPSS 0.00563
Exploits: 2 | References: 6

Tenable Nessus
added 2024/05/11 12:0 a.m. | 23 views

RHEL 6 : puppet (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - puppet: incorrect URL decoding (CVE-2016-2785) - Versions of Puppet prior to 4.10.1 will deserialize data o...

AI score 8.8 | EPSS 0.01449
Exploits: 0 | References: 2

OSV
added 2024/03/06 11:4 a.m. | 44 views

BIT-PHP-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 | AI score 6.9 | EPSS 0.00563
Exploits: 2 | References: 6

Prion
added 2024/01/16 4:15 p.m. | 11 views

Cross site scripting

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

CVSS 5.8 | AI score 6 | EPSS 0.00246
Exploits: 2 | References: 1 | Affected Software: 1

GithubExploit
added 2023/10/29 5:10 a.m. | 255 views

Exploit for Command Injection in Mjdm Majordomo

Deep Dive: CVE-2023-50917 - Unmasking an Unauthenticated Remo...

CVSS 9.8 | AI score 10 | EPSS 0.92637
Exploits: 6

Tenable Nessus
added 2023/10/06 12:0 a.m. | 43 views

Amazon Linux 2 : squid (ALASSQUID4-2023-010)

The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-010 advisory. 2023-10-12: CVE-2022-41317 was added to this advisory. An issue was discovered in Squid through 4.7 and 5. When receivin...

CVSS 9.8 | AI score 6.9 | EPSS 0.06184
Exploits: 0 | References: 8

Amazon
added 2023/09/25 12:0 a.m. | 3 views

Important: squid

Issue Overview: An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decod...

CVSS 9.8 | AI score 6.7 | EPSS 0.06184
Exploits: 0

OSV
added 2023/08/01 11:43 a.m. | 1 views

USN-6266-1 librsvg vulnerability

Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element...

CVSS 5.5 | AI score 6.5 | EPSS 0.43614
Exploits: 1 | References: 2