PT-2026-45638

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add review/save review/get all reviews of the file review app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local...

BioinfoMCP 路径遍历漏洞

BioinfoMCP is an bioinformatics AI platform developed by Florensiawidjaja. It serves to connect command-line tools with intelligent workflows. BioinfoMCP has a path traversal vulnerability, which stems from improper handling of the parameter Name in the Upload function located in the file...

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...

CVE-2022-33882

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app ADA. An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code...

CVE-2026-0571

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path...

CVE-2026-0571

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path...

PT-2026-1126

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A security flaw exists in yeqifu warehouse due to path traversal. The issue is related to the manipulation of the path argument within the createResponseEntity function located in th...

CTCMS 代码注入漏洞

CTCMS Chibi CMS is a video content management system from China Chibi CMS CTCMS company. A code injection vulnerability exists in CTCMS 2.1.2 and earlier versions, which originates from improper handling of the parameter CTAppPaytype in the Save function in the file /ctcms/libs/CtApp.php, which m...

CVE-2025-55816

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting XSS in the /modificaapp.php file...

CVE-2025-55816

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting XSS in the /modificaapp.php file...

CVE-2025-55816

CVE-2025-55816 affects HotelDruid, specifically v3.0.7 and earlier. The vulnerability is a Cross Site Scripting (XSS) flaw in the /modifica_app.php (also cited as /modifica app.php in some docs) file. Root cause details are not fully enumerated across the provided documents, but multiple sources ...

EUVD-2022-39627

Malicious code in bioql PyPI...

EUVD-2022-33128

Malicious code in bioql PyPI...

CVE-2025-48544

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-9650 yeqifu carRental AppFileUtils.java removeFileByPath path traversal

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack is possible t...

CVE-2025-9650 yeqifu carRental AppFileUtils.java removeFileByPath path traversal

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack is possible t...

CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the reviewpaper function in backend/app.py. The...

Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20445)

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the getAppFileBytes method. An attacker could exploit the vulnerability to disclose information in the SYSTE...

Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20443)

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteAppFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM context...

Marvell QConvergeConsole 路径遍历漏洞

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteAppFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM context...