11 matches found

OSSF Malicious Packages
added 2026/05/21 1:31 a.m., 7 views

Malicious code in polygon-toolkit-validate (npm)

Source: amazon-inspector 77c6fa5fc2aa45c8649c09e54e0f5b318b096a78a133380d18d5379621ba819c. The package presents a Polygon/Polymarket validation/crypto utility, but its exported APIs silently relay caller data to a hardcoded remote endpoint. ...

AI score 5.9 · Exploits 0 · References 1
RedhatCVE
added 2026/04/07 5:42 p.m., 2 views

CVE-2026-33033

A flaw was found in Django. A remote attacker can exploit this vulnerability by submitting specially crafted multipart uploads that include excessive whitespace within Content-Transfer-Encoding: base64 data. This can lead to a degradation of performance, effectively causing a Denial of Service Do...

CVSS 6.5 · AI score 5.9 · EPSS 0.00049 · Exploits 1 · References 6
Positive Technologies
added 2026/04/07 12:00 a.m., 4 views

PT-2026-30850

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3. Description: The MultiPartParser component is susceptible to performance degradation when processing multipart uploads containing Content-Transfer-Encoding: base64 wi...

CVSS 7.5 · AI score 5.8 · EPSS 0.00049 · Exploits 1 · References 64
Cvelist
added 2025/11/07 12:00 a.m., 4 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in the function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

EPSS 0.00086 · Exploits 1 · References 1
CVE
added 2025/11/07 12:00 a.m., 7 views

CVE-2025-57697

AstrBot Project v3.5.22 contains an arbitrary file read vulnerability in the _encode_image_bs64 function (entities.py), where the function opens a user-provided image path and returns its content base64-encoded without validating the path. This path-traversal/unsafe file read leads to potential s...

CVSS 6.5 · AI score 6.5 · EPSS 0.00086 · Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/06/01 9:15 p.m., 1 view

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

CVSS 7.5 · AI score 5.8 · Exploits 0 · References 1
ATTACKERKB
added 2023/06/01 9:15 p.m., 3 views

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

CVSS 7.5 · AI score 7.2 · EPSS 0.85663 · Exploits 1 · References 3
CNNVD
added 2022/04/25 12:00 a.m., 2 views

WordPress plugin Web To Print Shop : uDraw security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Web To Print Shop: An arbitrary file reading vulnerability exists in versions of uDraw prior...

CVSS 7.5 · AI score 5.9 · EPSS 0.68162 · Exploits 2 · References 3
OSV
added 2021/10/14 4:15 p.m., 0 views

CVE-2021-38346

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...

CVSS 8.8 · AI score 5.8 · Exploits 0 · References 1
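The AstrBot entry (CVE-2025-57697), the PrestaShop fonts.php entries (CVE-2023-27640), the uDraw entry and the Brizy entry (CVE-2021-38346) above share one root cause: a request-controlled path or file name is used to open or create a file without being confined to the directory the handler is meant to serve. The Python below is an added example, not code from any of those projects. The names `resolve_under`, `encode_image_bs64_vulnerable`, `encode_image_bs64_hardened`, `upload_target` and `demo` are hypothetical, the directory layout and file contents are constructed for the demonstration, and the vulnerable function only models the behaviour the AstrBot description gives (open the caller's path, return it base64-encoded).

```python
import base64
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a request-supplied path would leave the allowed directory."""


def resolve_under(base_dir: str, user_path: str) -> Path:
    """Resolve user_path inside base_dir and refuse anything that escapes it.

    Absolute paths are refused outright; relative ones are joined to base_dir
    and fully resolved (symlinks and '..' collapsed) before the containment
    check, so 'a/../../secret.txt' is caught even though 'a' does not exist.
    """
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path refused: {user_path!r}")
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"path escapes {base}: {user_path!r}") from None
    return candidate


def encode_image_bs64_vulnerable(image_path: str) -> str:
    """Shape of the flaw in the AstrBot advisory (hypothetical model): open
    whatever the request names and hand it back base64-encoded, unvalidated."""
    with open(image_path, "rb") as f:
        return base64.b64encode(f.read()).decode("ascii")


def encode_image_bs64_hardened(image_dir: str, image_name: str) -> str:
    """Same behaviour, but image_name is confined to image_dir first."""
    path = resolve_under(image_dir, image_name)
    if not path.is_file():
        raise FileNotFoundError(image_name)
    with path.open("rb") as f:
        return base64.b64encode(f.read()).decode("ascii")


def upload_target(upload_dir: str, block_id: str) -> Path:
    """Models the Brizy screenshot case: the file is named from a request id.
    Confining the joined name rejects ids such as '../../evil' (hypothetical)."""
    return resolve_under(upload_dir, f"{block_id}.png")


def demo() -> dict:
    """Builds a constructed layout under a temp dir and exercises both versions."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "images")
    os.mkdir(images)
    logo = b"\x89PNG constructed sample image"          # constructed content
    secret = b"constructed secret outside image dir"    # constructed content
    with open(os.path.join(images, "logo.png"), "wb") as f:
        f.write(logo)
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(secret)

    results = {}
    results["hardened_reads_logo"] = (
        base64.b64decode(encode_image_bs64_hardened(images, "logo.png")) == logo)
    # The unvalidated version follows '..' straight out of the image directory.
    results["vuln_reads_secret"] = (
        base64.b64decode(encode_image_bs64_vulnerable(
            os.path.join(images, "../secret.txt"))) == secret)
    # The confined version refuses relative traversal and absolute paths alike.
    results["rejected"] = []
    for attempt in ("../secret.txt", "a/../../secret.txt",
                    os.path.join(root, "secret.txt")):
        try:
            encode_image_bs64_hardened(images, attempt)
            results["rejected"].append(False)
        except PathTraversalError:
            results["rejected"].append(True)
    # Upload naming: a traversal id is refused, an ordinary id lands in upload_dir.
    try:
        upload_target(images, "../../evil")
        results["upload_id_rejected"] = False
    except PathTraversalError:
        results["upload_id_rejected"] = True
    results["upload_plain_id_ok"] = (
        upload_target(images, "42").parent == Path(images).resolve())
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment check is done on the fully resolved path rather than on the string, which is why a symlink inside the image directory pointing elsewhere is also refused. What it does not cover is a race between the check and the open if an attacker can replace a symlink inside the allowed directory in between; where that matters, open the file first and verify the opened descriptor instead.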
Packet Storm
added 2010/02/10 12:00 a.m., 104 views

Nautilus File Manager Proof Of Concept

According to the GNOME documentations, the file manager Nautilus is able to display a preview of most of the files. My Proof Of Concept works using the default settings. tested on VirtualBox: Ubuntu, 2.6.28-17-generic, GNOME, Nautilus 2.26.2 ++++ BEGIN BASE64 CONTENT ++++...

AI score 0.7 · Exploits 0
Cvelist
added 2007/04/24 8:00 p.m., 23 views

CVE-2007-2171

Stack-based buffer overflow in the base64decode function in GWINTER.exe in Novell GroupWise GW WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request...

AI score 7.9 · EPSS 0.36221 · Exploits 5 · References 9