8 matches found
Insufficient Granularity of Access Control
Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in namespace validation for the ImageUpdater resources. An attacker can perform unauthorized image updates on applications in other namespaces by creating or modifying ImageUpdater resources,...
XML External Entity (XXE) Injection
Overview peppol-py is an A python implementation for sending peppol eDelivery AS4 documents. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML validation process. An attacker can access sensitive files from the filesystem and exfiltrate their conten...
EUVD-2023-1826
Malicious code in bioql PyPI...
CVE-2025-46548 Apache Pekko Management, Apache Pekko Management, Apache Pekko Management, Akka Management, Akka Management, Akka Management: management API basic authentication is not effective
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...
CVE-2025-1642
A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resource identifiers. The attack can be initiat...
CVE-2024-24556
urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...
PT-2023-10275 · Unknown · Zarthus Irc Twitter Announcer Bot
Name of the Vulnerable Software and Affected Versions: Zarthus IRC Twitter Announcer Bot versions up to 1.1.0 Description: A critical issue was found in the Zarthus IRC Twitter Announcer Bot, affecting the get tweets function of the file lib/twitterbot/plugins/twitter announcer.rb. The manipulati...
Arbitrary Code Execution
Overview joblib is a Lightweight pipelining with Python functions Affected versions of this package are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement. PoC py def f: return 1 p = Parallelnjobs=3, predispatch="sys.exit0" pdelayedf for i ...