EUVD-2025-5447

Malicious code in bioql PyPI...

CVE-2025-27399 Mastodon's domain blocks & rationales ignore user approval when visibility set as "users"

Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" localized English string: "To logged-in users", users that are not yet approved can view the block reasons. Instance admins...

Mastodon 授权问题漏洞

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. An authorization issue vulnerability exists in Mastodon that stems from an unapproved user being able to view the reason for a domain block, affecting instance administrators who do not wish to make...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from tags not being properly hidden, where a user may find tags that...

LoveCMS 1.6.2 Final - Remote Code Execution

LoveCMS 1.6.2 Final - Remote Code Execution !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks....