5 matches found
CVE-2026-59948
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...
EUVD-2023-2244
Malicious code in bioql PyPI...
EUVD-2022-36040
Malicious code in bioql PyPI...
CVE-2023-41740
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in cgi component in Synology Router Manager SRM before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors...
Information Disclosure
glance is vulnerable to information disclosure. A remote attacker is able to access and retrieve arbitrary files in a dot directory within the web server directory via URIs such as /.git/HEAD or /.got/logs/HEAD...