
65 matches found

OSSF Malicious Packages
added 2026/05/19 12:0 a.m. | 9 views

Malicious code in @antv/a8 (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0 | References: 5

OSV
added 2026/04/28 12:0 a.m. | 0 views

OPENSUSE-SU-2026:10648-1 python315-3.15.0~a8-3.1 on GA media

These are all security issues fixed in the python315-3.15.0a8-3.1 package on the GA media of openSUSE Tumbleweed...

9.1 CVSS | 5.2 AI score | 0.00164 EPSS
Exploits: 1 | References: 5

EUVD
added 2026/04/21 6:31 p.m. | 5 views

EUVD-2019-20151

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3 CVSS | 6.2 AI score | 0.00853 EPSS
Exploits: 0 | References: 8

NVD
added 2026/04/21 5:16 p.m. | 2 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3 CVSS | 0.00853 EPSS
Exploits: 0 | References: 7

ATTACKERKB
added 2026/04/21 4:11 p.m. | 3 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3 CVSS | 6.2 AI score | 0.00853 EPSS
Exploits: 0 | References: 6 | Affected Software: 2

CNNVD
added 2026/04/21 12:0 a.m. | 6 views

Seeyon OA A8 code issue vulnerability

Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...

9.3 CVSS | 6.2 AI score | 0.00853 EPSS
Exploits: 0 | References: 1

VulnCheck KEV
added 2026/04/21 12:0 a.m. | 28 views

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3 CVSS | 6.2 AI score | 0.00853 EPSS
In wild | Exploits: 0 | References: 2

RedhatCVE
added 2026/01/17 9:15 a.m. | 4 views

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

6.1 CVSS | 6.5 AI score | 0.00068 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/01/17 12:30 a.m. | 1 view

EUVD-2025-206297

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

6.1 CVSS | 6 AI score | 0.00068 EPSS
Exploits: 1 | References: 3

NVD
added 2026/01/16 10:16 p.m. | 3 views

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

6.1 CVSS | 0.00068 EPSS
Exploits: 1 | References: 2

OSV
added 2026/01/16 10:16 p.m. | 1 view

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

6.1 CVSS | 5.6 AI score | 0.00068 EPSS
Exploits: 1 | References: 2

CNNVD
added 2026/01/16 12:0 a.m. | 1 view

Seeyon Zhiyuan A8+ security vulnerabilities

Seeyon Zhiyuan A8+ is a collaborative management software developed by the Chinese company Seeyon. Version 7.0 of Seeyon Zhiyuan A8+ contains a security vulnerability. This vulnerability stems from improper handling of the topValue parameter in the seeyon/main.do endpoint, which may lead to...

6.1 CVSS | 5.6 AI score | 0.00068 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/16 12:0 a.m. | 2 views

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

6.1 AI score | 0.00068 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/01/16 12:0 a.m. | 17 views

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

0.00068 EPSS
Exploits: 1 | References: 2

CVE
added 2026/01/16 12:0 a.m. | 6 views

CVE-2025-56451

The CVE-2025-56451 entry documents a Cross-Site Scripting (XSS) vulnerability in Seeyon Zhiyuan A8+ Collaborative Management Software 7.0, exploitable via the topValue parameter on the seeyon/main.do endpoint. The issue is described across multiple sources (NVD/Red Hat/EUVD/CIRCL, etc.) with a CV...

6.1 CVSS | 6.1 AI score | 0.00068 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/01/16 12:0 a.m. | 1 view

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...

6.1 CVSS | 5.1 AI score | 0.00068 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-6437

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.00102 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/07/17 2:44 p.m. | 7 views

CVE-2025-54066 DiracX-Web login page has Open Redirect vulnerability

DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...

4.7 CVSS | 0.00186 EPSS
Exploits: 0 | References: 3

CVE
added 2025/07/17 2:44 p.m. | 17 views

CVE-2025-54066

DiracX-Web has an Open Redirect vulnerability in versions prior to 0.1.0-a8. The login page’s redirect field accepts an arbitrary URI and is not validated. When combined with parameter pollution, an attacker can cloak a malicious redirect, potentially phishing users and harvesting credentials. Th...

4.7 CVSS | 6.4 AI score | 0.00186 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/07/17 2:44 p.m. | 2 views

CVE-2025-54066 DiracX-Web login page has Open Redirect vulnerability

DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...

4.7 CVSS | 7 AI score | 0.00186 EPSS
Exploits: 0 | References: 3