537 matches found
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
GHSA-FR8M-434R-G3XP gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization
Impact During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range 1, n-1 with n being the corresponding modulus either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA. As this also...
EUVD-2025-33845
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-11570
Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting XSS due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Patter...
CVE-2025-11491
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...
Desktop Commander MCP 安全漏洞
Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from os command injection in the extractBaseCommand function of the src/command-manager.ts file in the Absolute Path...
EUVD-2025-32853
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth
vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...
EUVD-2025-32517
When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...
EUVD-2025-28122
Malicious code in bioql PyPI...
EUVD-2025-28205
Malicious code in bioql PyPI...
EUVD-2025-26904
Malicious code in bioql PyPI...
EUVD-2025-31230
Malicious code in bioql PyPI...
MyClub 安全漏洞
MyClub is a club management software for jibux individual developers. A security vulnerability exists in MyClub version 0.5, which stems from insufficient cleanup of query parameter inputs and could lead to an SQL injection attack...
CVE-2025-61600 Unbounded Memory Allocation in Stalwart IMAP parser
Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory OOM killer and causing a denial of...
CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...
CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand function during encryption...
CVE-2025-26278
A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
WordPress plugin CF7 Submissions 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie...