566 matches found
EUVD-2025-17647
Malicious code in bioql PyPI...
EUVD-2021-27602
Malicious code in bioql PyPI...
EUVD-2023-59422
Malicious code in bioql PyPI...
EUVD-2022-1208
Malicious code in bioql PyPI...
EUVD-2023-33357
Malicious code in bioql PyPI...
EUVD-2024-48678
Malicious code in bioql PyPI...
EUVD-2024-48677
Malicious code in bioql PyPI...
EUVD-2021-28044
Malicious code in bioql PyPI...
EUVD-2021-27601
Malicious code in bioql PyPI...
EUVD-2023-33356
Malicious code in bioql PyPI...
EUVD-2024-48676
Malicious code in bioql PyPI...
CVE-2025-10306 Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the processbackupbatch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
CVE-2021-4459
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...
CVE-2021-4459 SMA: Directory Traversal in Sunny Boy <3.10.27.R
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...
PT-2025-34112 · Undefined · Undefined
Sockso Music Host Server versions = 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...
CVE-2025-34121 Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The wizards/post2file.php script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in...
Expired Pointer Dereference
Overview: org.lucee:lucee is Lucee Server, a dynamic, Java-based JSR-223 tag and scripting language used for rapid web application development. Affected versions of this package are vulnerable to Expired Pointer Dereference via the scheduled task process. An authenticated attacker with an...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee's administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
Dmacroweb DM Corporative CMS Path Disclosure Vulnerability
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a path disclosure vulnerability that can be exploited by an attacker to view the contents of webroot/file...
CVE-2025-40662
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file...