373 matches found
EUVD-2025-6017
Malicious code in bioql PyPI...
EUVD-2024-31750
Malicious code in bioql PyPI...
EUVD-2021-34091
Malicious code in bioql PyPI...
EUVD-2022-27875
Malicious code in bioql PyPI...
EUVD-2025-17093
Malicious code in bioql PyPI...
CVE-2025-20148
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...
CVE-2025-53727
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2024-41169 Apache Zeppelin: raft directory listing and file read
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
GHSA-2RHQ-96Q8-4VJQ LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
CVE-2025-29902
CVE-2025-29902 is described as remote code execution enabling unauthorized users to execute arbitrary code on the server. Connected documents link affected software as Bosch RTS VLink/Telex RDC Server and related components (e.g., Apache HTTP Server in PT-2025-25233), with remediation guidance no...
PT-2025-25338 · Unknown · Absolute Secure Access Server
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access server versions 9.0 through 13.54 Description: The issue is related to a memory management vulnerability. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence...
CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2024-26157
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...
CVE-2024-26154
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages...
CVE-2024-26155
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...
CVE-2024-26156
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client...
CVE-2022-29509
Directory traversal vulnerability in T Data Server Japanese Edition Ver.2.22 and earlier, T Data Server English Edition Ver.2.30 and earlier, THERMO RECORDER DATA SERVER Japanese Edition Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER English Edition Ver.2.13 and earlier allows a remote...
CVE-2021-3824
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...
CVE-2019-16517
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
CVE-2025-31131
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2...