1251 matches found
EUVD-2024-0894
Malicious code in bioql PyPI...
EUVD-2022-7221
Malicious code in bioql PyPI...
EUVD-2024-49795
Malicious code in bioql PyPI...
EUVD-2022-5023
Malicious code in bioql PyPI...
EUVD-2022-6037
Malicious code in bioql PyPI...
EUVD-2024-49551
Malicious code in bioql PyPI...
EUVD-2024-19626
Malicious code in bioql PyPI...
EUVD-2024-0418
Malicious code in bioql PyPI...
EUVD-2021-8679
Malicious code in bioql PyPI...
EUVD-2025-5562
Malicious code in bioql PyPI...
EUVD-2024-34558
Malicious code in bioql PyPI...
EUVD-2019-1006
Malicious code in bioql PyPI...
CVE-2023-53158
A flaw was found in gix-transport. The handling of clone URLs by the crate allows an attacker to execute arbitrary commands by injecting a malicious substring into the URL, specifically through the ssh protocol and ProxyCommand option. This vulnerability allows a local attacker to trigger command...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
CVE-2025-54310
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...
CVE-2025-3777
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
CVE-2025-34065
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls...
Zulip server 跨站脚本漏洞
Zulip server is an open source team chat application from Zulip Inc. in the United States. A cross-site scripting vulnerability exists in Zulip server versions 2.0.0-rc1 through prior to 10.4, which stems from a cross-site scripting vulnerability in the /digest/ URL...
CVE-2025-34065 AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls...
CVE-2025-49520
CVE-2025-49520 affects Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to git ls-remote, enabling an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift, this can lead to service accou...