EUVD-2025-2056
Malicious code in bioql PyPI...
EUVD-2022-43299
Malicious code in bioql PyPI...
EUVD-2023-44480
Malicious code in bioql PyPI...
EUVD-2022-51766
Malicious code in bioql PyPI...
EUVD-2023-0360
Malicious code in bioql PyPI...
EUVD-2022-42985
Malicious code in bioql PyPI...
EUVD-2025-9672
Malicious code in bioql PyPI...
EUVD-2022-51916
Malicious code in bioql PyPI...
EUVD-2022-7576
Malicious code in bioql PyPI...
Vulnerability fixed in FreePBX
FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...
CVE-2025-8552 atjiu pybbs list cross site scripting
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-7865 thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross...
CVE-2025-7785
CVE-2025-7785 affects thinkgem JeeSite up to version 5.12.0. The vulnerability lies in the sso function of SsoController.java, where manipulation of the redirect parameter enables an open redirect. The issue is remotely exploitable and has been publicly disclosed. A patch is available (commit: 3d...
PT-2025-31878 · Libtiff +2
Name of the Vulnerable Software and Affected Versions: libtiff version 4.6.0 Description: A problematic issue exists in libtiff due to a null pointer dereference in the PS Lvl2page function within the tiff2ps component file tools/tiff2ps.c. The issue occurs when the DEFER STRILE LOAD option is...
CVE-2025-6773
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...
CVE-2025-6451
The CVE-2025-6451 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Multiple connected sources confirm a SQL injection in the file /admin/delete_pending.php via the transaction_id parameter, allowing remote exploitation. The issue stems from lack of validation/sanitization...
CVE-2025-6152
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotel...
CVE-2025-6152
CVE-2025-6152 affects Steel Browser up to version 0.1.3. The vulnerability lies in the handleFileUpload function (api/src/modules/files/files.routes.ts), where mis-handling of the filename argument enables path traversal. This could allow an attacker to access unintended files and was described a...
CVE-2025-5935
Open5GS up to version 2.7.3 is affected. The issue lies in the AMF/MME component, specifically the function common_register_state in src/mme/emm-sm.c, where manipulating the ran_ue_id argument can cause a denial of service. The vulnerability can be triggered remotely and public exploitation has b...