Lucene search

304 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-23615

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 4 · EPSS 0.00235
Exploits 1 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-16008

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.7 · EPSS 0.00417
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-7576

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00943
Exploits 1 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-51766

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00409
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-43008

Malicious code in bioql PyPI...

CVSS 7 · AI score 6.8 · EPSS 0.00758
Exploits 0 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-42890

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.3 · EPSS 0.00862
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-44480

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 5.2 · EPSS 0.23162
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-42985

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 6.8 · EPSS 0.00316
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-33960

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 4.8 · EPSS 0.00522
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-9672

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 4.3 · EPSS 0.00229
Exploits 1 · References 8

NCSC
added 2025/08/29 8:37 a.m. · 4 views

Vulnerability fixed in FreePBX

FreePBX has fixed a vulnerability in versions 15, 16 and 17. The vulnerability allows attackers to gain unauthorized access and potentially execute remote code by exploiting a validation and remediation error in the processing of user-supplied input, such as in the "endpoint" module. FreePBX...

CVSS 10 · AI score 7.9 · EPSS 0.93286
Exploits 17 · References 2

Vulnrichment
added 2025/08/05 8:2 a.m. · 4 views

CVE-2025-8552 atjiu pybbs list cross site scripting

A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 4.8 · AI score 6.4 · EPSS 0.00235
Exploits 1 · References 7

Cvelist
added 2025/07/20 3:2 a.m. · 15 views

CVE-2025-7865 thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross...

CVSS 5.1 · EPSS 0.00304
Exploits 1 · References 6

CVE
added 2025/07/18 11:44 a.m. · 19 views

CVE-2025-7785

CVE-2025-7785 affects thinkgem JeeSite up to version 5.12.0. The vulnerability lies in the sso function of SsoController.java, where manipulation of the redirect parameter enables an open redirect. The issue is remotely exploitable and has been publicly disclosed. A patch is available (commit: 3d...

CVSS 5.3 · AI score 4.7 · EPSS 0.00403
Exploits 1 · References 7 · Affected Software 1

Positive Technologies
added 2025/07/17 12:0 a.m. · 6 views

PT-2025-31878 · Libtiff +2

Name of the Vulnerable Software and Affected Versions: libtiff version 4.6.0 Description: A problematic issue exists in libtiff due to a null pointer dereference in the PS Lvl2page function within the tiff2ps component file tools/tiff2ps.c. The issue occurs when the DEFER STRILE LOAD option is...

CVSS 5.3 · AI score 3.4 · EPSS 0.0026
Exploits 3 · References 30

RedhatCVE
added 2025/06/29 7:7 p.m. · 14 views

CVE-2025-6773

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...

CVSS 5.3 · AI score 7.2 · EPSS 0.0017
Exploits 0 · References 1

OSV
added 2025/06/27 7:15 p.m. · 4 views

CVE-2025-6773

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...

CVSS 4.8 · AI score 7
Exploits 0 · References 6

CVE
added 2025/06/22 1:31 a.m. · 17 views

CVE-2025-6451

The CVE-2025-6451 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Multiple connected sources confirm a SQL injection in the file /admin/delete_pending.php via the transaction_id parameter, allowing remote exploitation. The issue stems from lack of validation/sanitization...

CVSS 9.8 · AI score 7.6 · EPSS 0.00394
Exploits 1 · References 5 · Affected Software 1

RedhatCVE
added 2025/06/19 2:26 a.m. · 8 views

CVE-2025-6152

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotel...

CVSS 9.8 · AI score 6.4 · EPSS 0.00482
Exploits 1 · References 1

CVE
added 2025/06/17 1:31 a.m. · 44 views

CVE-2025-6152

CVE-2025-6152 affects Steel Browser up to version 0.1.3. The vulnerability lies in the handleFileUpload function (api/src/modules/files/files.routes.ts), where mis-handling of the filename argument enables path traversal. This could allow an attacker to access unintended files and was described a...

CVSS 9.8 · AI score 6.4 · EPSS 0.00482
Exploits 1 · References 6 · Affected Software 1