Infinite loop

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Infinite loop via the html.Parse function. An attacker can cause resource exhaustion and disrupt service availability by submitting special...

Inefficient Algorithmic Complexity

Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which ca...

Inefficient Algorithmic Complexity

Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the html.Parse function due to quadratic parsing complexity when processing certain inputs, which can lea...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the SSH Agent servers. An attacker can cause a panic and disrupt service availability by sending a specially crafted, malformed message that triggers an out-of-bounds read. Remediation Upgrade...

Allocation of Resources Without Limits or Throttling

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the SSH servers. An attacker can exhaust system memory resources by sending GSSAPI authentication requests with an excessive...

EUVD-2025-13302

Malicious code in bioql PyPI...

EUVD-2024-46057

Malicious code in bioql PyPI...

CVE-2024-52814

Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...

CVE-2025-46568

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

CVE-2025-46568

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...

SUSE CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVE-2025-24787

CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...

CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...

WhoDB 安全漏洞

WhoDB is a data browser from clidey open source. A security vulnerability exists in WhoDB 0.45.0 and earlier versions, which stems from not escaping or encoding user input, allowing an attacker to read local files via injected parameters such as &allowAllFiles=true...

PT-2025-5856

Name of the Vulnerable Software and Affected Versions WhoDB versions prior to 0.45.0 Description The issue allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on, due to the lack of path traversal prevention. The database fil...