9 matches found
EUVD-2025-14703
Malicious code in bioql PyPI...
PT-2025-20072 · Lemeconsultoria · Galera.App
Name of the Vulnerable Software and Affected Versions: lemeconsultoria HCM galera.app version 4.58.0 Description: The issue allows an attacker to execute arbitrary code through multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing,...
CVE-2025-46346
YesWiki (PHP) prior to version 4.5.4 is affected by a stored XSS vulnerability in the comments feature. The issue arises because user input is not fully sanitized/encoded, allowing obfuscated payloads such as /* JavaScriptPayload */ to bypass filters and execute in the browser of users viewing af...
XSS in the /download Endpoint of the JPA Web API
Impact: The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
CVE-2025-32779
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...
CVE-2025-25283
parse-duration is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...
hpspeed.pl Cross Site Scripting vulnerability OBB-2975861
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
campanha.crp-sp.org.br Cross Site Scripting vulnerability OBB-2334759
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-Referencing Linux vulnerability
Info. ----- + Type: To gain visibility + Software: Cross-Referencing Linux. + Versions: until 0.9.2 + Exploit: Yes. + Author: Albert Puigsech Galicia + Contact: [email protected] Introduction. ------------- Cross-Referencing Linux, also known as LXR, allows reading all Linux kernel source using a web...