359 matches found
EUVD-2021-8787
Malicious code in bioql PyPI...
EUVD-2022-34782
Malicious code in bioql PyPI...
EUVD-2024-41710
Malicious code in bioql PyPI...
EUVD-2023-32722
Malicious code in bioql PyPI...
EUVD-2023-32721
Malicious code in bioql PyPI...
EUVD-2022-43648
Malicious code in bioql PyPI...
EUVD-2022-1761
Malicious code in bioql PyPI...
EUVD-2023-58205
Malicious code in bioql PyPI...
CVE-2025-10137 Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery
The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
Linux Distros Unpatched Vulnerability : CVE-2023-5933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input...
IBM Edge Application Manager 代码问题漏洞
IBM Edge Application Manager is an application from International Business Machines IBM that provides powerful solutions to address the need to deliver enterprise computing power at the edge of the cloud, closer to where the data is being created and at the edge of the enterprise where action nee...
WordPress plugin Yogi 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a set of blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL, and WordPress plugin is an application plugin. WordPress Yogi suffer...
DiscordNotifications 代码问题漏洞
DiscordNotifications is an open source application from Miraheze. DiscordNotifications suffers from a code issue vulnerability that stems from sending requests to arbitrary URLs via curl and filegetcontents, which could lead to denial of service and server-side request forgery attacks...
The vulnerability of the Chamilo LMS system for electronic learning and content management lies in the insufficient verification of incoming requests used by the operating system. This allows attackers to execute arbitrary HTTP requests.
The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the insufficient verification of incoming requests used by the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary HTTP requests remotely...
The vulnerability of the Vinteo video conference software server lies in the lack of protective measures for website structures. This allows attackers to carry out XSS attacks and execute arbitrary requests.
The vulnerability of the Vinteo video conference software server lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely and execute arbitrary requests...
Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the...
CVE-2024-27561
A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...
CVE-2024-27565
A Server-Side Request Forgery SSRF in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests...
CVE-2024-27563
A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...