313 matches found
EUVD-2022-2198
Malicious code in bioql PyPI...
EUVD-2024-35559
Malicious code in bioql PyPI...
EUVD-2021-33440
Malicious code in bioql PyPI...
CVE-2025-54811
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
Linux Distros Unpatched Vulnerability : CVE-2019-14198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the...
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...
Linux Distros Unpatched Vulnerability : CVE-2019-14858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...
CVE-2025-53625 DynamicPageList3 exposes hidden/suppressed usernames
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fix...
Bootstrap < 4.0.0 Multiples Cross-Site Scripting
According to its self-reported version number, Bootstrap is prior to 4.0.0. Therefore, it may be affected by Multiples Cross-Site Scripting XSS vulnerability : - A Cross-Site Scripting XSS vulnerability has been identified within the Bootstrap 3 Button component. - A Cross-Site Scripting XSS...
CVE-2008-7121
Cross-site scripting XSS vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar...
PT-2025-16346
Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15 Description A command injection issue was discovered via the groupname at the "/boafrm/formDiskCreateGroup" API endpoint. This allows for potential exploitation...
jooby-pac4j: deserialization of untrusted data
Impact Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data Patches - 2.17.0 2.x - 3.7.0 3.x Workarounds - Not using io.jooby:jooby-pac4j until it gets patches. - Check what values you put/save on session References Version 2.x:...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1324)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in 3-0 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
GHSA-PFQJ-W6R6-G86V Pitchfork HTTP Request/Response Splitting vulnerability
Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...
Mbed TLS 安全漏洞
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 2.28.10 and 3.x versions prior to 3.6.3, which stems from the use of uninitialized stack memory under certain circumstances...
CVE-2024-10553
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
CVE-2025-27140 WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE)
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...
PT-2025-9097 · Git +1 · Net-Snmp
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A heap buffer overflow issue was identified, which can cause a crash. The crash occurs during the setup engineID, init snmpv3 post premib config, and snmp call callbacks functions...