17 matches found
EUVD-2020-2730
Malware in sbrugna...
EUVD-2021-13478
Malware in sbrugna...
EUVD-2025-21408
Malicious code in bioql PyPI...
EUVD-2024-16413
Malicious code in bioql PyPI...
EUVD-2022-3831
Malicious code in bioql PyPI...
EUVD-2024-0785
Malicious code in bioql PyPI...
EUVD-2023-32651
Malicious code in bioql PyPI...
CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA
In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...
PT-2025-28412 · Unknown · Quiter Gateway
Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0. Description: The issue allows an attacker to retrieve, create, update, and delete databases through the "pagina.filter.categoria mensaje" in the "/QuiterGatewayWeb/api/v1/sucesospagina" endpoint. This...
BIT-MATTERMOST-2025-25068
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
Directus's webhook trigger flows can leak sensitive data
Describe the Bug: In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...
CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...
CVE-2024-12215
CVE-2024-12215 — Kedro 0.19.8: The pull_package() API path can execute the tarball’s setup.py via project_wheel_metadata(), enabling remote code execution (RCE) by running arbitrary commands on the victim’s machine. The vulnerability affects kedro-org/kedro and is documented with RCE impact and ...
CVE-2024-9439 Remote Code Execution in transformeroptimus/superagi
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...
PT-2025-12284 · Superagi · Superagi
Name of the Vulnerable Software and Affected Versions: SuperAGI, affected versions not specified. Description: SuperAGI is vulnerable to remote code execution. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any...
Linux Distros Unpatched Vulnerability : CVE-2025-0451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI...
CVE-2024-12434
The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content...